Hijack Log**{{Vista}}**


Sweetpotato

Could someone look at this and see if there is anything that I need to get rid of or fix? My computer has been acting funny and slow. I did post in user to user help for a different question that might or might not be related to this. Thank you for the look.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:41:14 PM, on 12/15/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\System32\Ctxfihlp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Lexmark 2300 Series\lxcgmon.exe

C:\Program Files\Lexmark 2300 Series\ezprint.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\rundll32.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\SYSTEM32\CTXFISPI.EXE

C:\Program Files\Internet Explorer\IEUser.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: IEToolbarEngine.ShowToolbarBHO - {a8da9765-6797-4e9f-9342-04163e5e7b3d} - mscoree.dll (file missing)

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

O3 - Toolbar: Jeaks Music - {c80de717-a62a-425e-a612-e36b08407237} - mscoree.dll (file missing)

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"

O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"

O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JZXRMQVR\APP_1_~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JZXRMQVR\343736~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\9Y5T1ZZ5\NO_CON~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\8R5YGC1F\DW_PAS~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\9Y5T1ZZ5\DC_1_~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JZXRMQVR\INDEX_~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ND0K3N2N\DW_PAS~2.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JZXRMQVR\DW_PAS~1.SH! C:\Users\Raedel\AppData\Local\Temp\HSPERF~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DG7LEE0P\APP_1_~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DG7LEE0P\IN

O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Raedel\AppData\Local\Temp\HSPERF~1.SH! C:\Users\Raedel\AppData\Local\Temp\CITRIX~1\GOTOAS~1\508\log98A6.tmp\GOTOAS~3.SH! C:\Users\Raedel\AppData\Local\Temp\CITRIX~1\GOTOAS~1\508\log98A6.SH! C:\Users\Raedel\AppData\Local\Temp\CITRIX~1\GOTOAS~1\508.SH! C:\Users\Raedel\AppData\Local\Temp\CITRIX~1\GOTOAS~1.SH! C:\Users\Raedel\AppData\Local\Temp\CITRIX~1.SH! (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JZXRMQVR\APP_1_~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JZXRMQVR\343736~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\9Y5T1ZZ5\NO_CON~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\8R5YGC1F\DW_PAS~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\9Y5T1ZZ5\DC_1_~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JZXRMQVR\INDEX_~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ND0K3N2N\DW_PAS~2.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JZXRMQVR\DW_PAS~1.SH! C:\Users\Raedel\AppData\Local\Temp\HSPERF~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DG7LEE0P\APP_1_~1.SH! C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\DG7LEE0P\IN

O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Raedel\AppData\Local\Temp\HSPERF~1.SH! C:\Users\Raedel\AppData\Local\Temp\CITRIX~1\GOTOAS~1\508\log98A6.tmp\GOTOAS~3.SH! C:\Users\Raedel\AppData\Local\Temp\CITRIX~1\GOTOAS~1\508\log98A6.SH! C:\Users\Raedel\AppData\Local\Temp\CITRIX~1\GOTOAS~1\508.SH! C:\Users\Raedel\AppData\Local\Temp\CITRIX~1\GOTOAS~1.SH! C:\Users\Raedel\AppData\Local\Temp\CITRIX~1.SH! (User 'Default user')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: &Subscribe with ArchosLink - file://C:\Program Files\Archos\ArchosLink\\script.js

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html

O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O13 - Gopher Prefix:

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB

O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - http://rms2.invokesolutions.com/events/bin...1450/MILive.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)

O23 - Service: McAfee Application Installer Cleanup (0197721226616336) (0197721226616336mcinstcleanup) - Unknown owner - C:\Windows\TEMP\019772~1.EXE (file missing)

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - H:\Ares Ultra\chatServer.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcg_device - - C:\Windows\system32\lxcgcoms.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

 

--

End of file - 14180 bytes


Here is the link to my other question in the forum.

http://forums.pcpitstop.com/index.php?showtopic=163367

The problem that I seem to be having of late is that sometimes when I open up explorer my homepage will display differently. Don't know if that's common. I have AOL. Also my computer seems to be slower and it's been locking up on me and it closes down by itself. For the other topic I had, my computer will (a box) pop up and says dw20.exe wants permission and at first I said no and it kept on shutting down the explorer. After a few days of this I finally clicked yes and it still shut down the explorer. I did get an e-mail on how to shut that down but it seemed kind of difficult so I didn't do it. Thanks so much.


I think it would be better to try and find out what is causing the error than to disable the error reporting tool. Just so you know, if prompted again, you do not need to allow dw20.exe access. It sends information about the error to Microsoft ....... not a bad thing, just not required. ;)

 

What Office application has been giving you problems, e.g., closes while in use - with or without an error, opens or closes slowly, etc.?

 

How old is the computer? Is it a desktop or laptop? Is it exposed to dusty conditions, or are there pets around?

 

Scan again with HijackThis and place a check next to the following entries.

 

O4 - HKUS\S-1-5-18\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1

O4 - HKUS\.DEFAULT\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\Users\Raedel\AppData\Local\MICROS~1\Windows\TEMPOR~1

O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Raedel\AppData\Local\Temp\HSPERF~1.SH!

 

Close all other windows then click Fix Checked.

Exit HijackThis when complete.

 

Click Start then type cmd.exe in the search bar.

When it appears above, right click and select 'Run as Administrator'

Type or copy and paste (using right click>Paste) the following bolded command.

 

sc delete 0197721226616336mcinstcleanup

 

Hit Enter then close the command window.

 

I recommend you uninstall GoToAssist in the Programs and Features list. As you probably know, that is an application installed to allow for remote administration of your computer, usually by a support tech. If ever needed again, they will have you re-install it.

 

Download ATF Cleaner by Atribune and save it to your Desktop.

  • Double click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Java Cache
    • Recycle bin
  • The rest are optional - if you want it to remove everything check "Select All".
  • Finally, click Empty Selected.
  • When you get the "Done Cleaning" message, click OK then exit.
  • Reboot

 

 

After restarting, download DDS and save it to your desktop.

  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
Please include the contents of the following in your next reply:

 

DDS.txt

 

I may ask for the Attach.txt log later, so keep it handy.

 

Let me know if there's any noticeable change in the computer's behavior.
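
An added example, not part of the thread and not code from HijackThis or the posters: a small Python parser for log lines in the format shown above that picks out the entries HijackThis tagged `(no file)` or `(file missing)`, such as the service removed with `sc delete`. The sample lines are copied from the log in the first post; the function names, the `system_drive` parameter and the split into "orphaned" and "unresolved" are assumptions made for this example.

```python
import re
from typing import List, NamedTuple, Optional, Tuple


class Entry(NamedTuple):
    section: str   # HijackThis section code, e.g. "O23"
    detail: str    # everything after "<section> - "
    target: str    # last " - " field with the marker stripped
    missing: bool  # True if the line ends in "(no file)" / "(file missing)"


LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MARKER_RE = re.compile(r"\s*\((?:no file|file missing)\)\s*$")

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEToolbarEngine.ShowToolbarBHO - {a8da9765-6797-4e9f-9342-04163e5e7b3d} - mscoree.dll (file missing)
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (file missing)
O23 - Service: McAfee Application Installer Cleanup (0197721226616336) (0197721226616336mcinstcleanup) - Unknown owner - C:\Windows\TEMP\019772~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - H:\Ares Ultra\chatServer.exe (file missing)
"""


def parse_log(text: str) -> List[Entry]:
    """Return one Entry per "<code> - ..." line; headers and process paths are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, detail = m.groups()
        last = detail.split(" - ")[-1]
        missing = bool(MARKER_RE.search(last))
        target = MARKER_RE.sub("", last).strip()
        entries.append(Entry(section, detail, target, missing))
    return entries


def service_name(entry: Entry) -> Optional[str]:
    """Short service name of an O23 line (the name `sc` expects), else None.

    HijackThis prints "Display name (short name)" when the two differ,
    and only the display name when they are the same.
    """
    if entry.section != "O23" or not entry.detail.startswith("Service: "):
        return None
    label = entry.detail[len("Service: "):].split(" - ")[0].strip()
    m = re.search(r"\(([^()]+)\)$", label)
    return m.group(1) if m else label


def triage(entries: List[Entry], system_drive: str = "C:") -> Tuple[List[Entry], List[Entry]]:
    """Split flagged entries into (orphaned, unresolved).

    unresolved: the marker sits on a bare file name (no directory in the log)
    or on a path outside system_drive (possibly unplugged media), so the
    file should be looked for on the machine before the entry is removed.
    system_drive is an assumption of this example.
    """
    orphaned, unresolved = [], []
    for e in entries:
        if not e.missing:
            continue
        bare_name = bool(e.target) and "\\" not in e.target
        other_drive = "\\" in e.target and not e.target.upper().startswith(system_drive.upper())
        (unresolved if bare_name or other_drive else orphaned).append(e)
    return orphaned, unresolved


if __name__ == "__main__":
    orphaned, unresolved = triage(parse_log(SAMPLE_LOG))
    for e in orphaned:
        print("orphaned  ", e.section, service_name(e) or e.detail)
    for e in unresolved:
        print("unresolved", e.section, e.target)
```
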


Sorry it took so long to get back. I tried to run a scan and clicked on the items but it gave me an error twice. Then I thought I would run as administrator and same thing. I won't do any other of the things unless I hear back to do them. I didn't know if they had to be done in that order. Anyways with regards to my computer it is a little over a year old. It's a Dell XPS720 intel core2 cpu [email protected] 2.4 GHz it's a 32 bit OP system and 2 gigs of ram. If you need anything else please let me know. Also, what my computer is doing is I'll be on the internet and it will freeze up or hang and I have to restart it. With the dw20 thing I have clicked both yes and no and it will also sometimes shut down the explorer on me.


For the hijack this it was a long list of things. I tried to copy it but it wouldn't let me.

 

DDS (Version 1.1.0) - NTFSx86

Run by Raedel at 16:37:37.63 on Thu 12/18/2008

Internet Explorer: 7.0.6001.18000

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1262 [GMT -6:00]

 

============== Running Processes ===============

 

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\System32\Ctxfihlp.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Lexmark 2300 Series\lxcgmon.exe

C:\Program Files\Lexmark 2300 Series\ezprint.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\SYSTEM32\CTXFISPI.EXE

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\lxcgcoms.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\common files\mcafee\mna\mcnasvc.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Raedel\Desktop\dds.scr

C:\Windows\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

uStart Page = hxxp://www.aol.com/

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

mStart Page = hxxp://www.yahoo.com/

mDefault_Page_URL = hxxp://www.yahoo.com/

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: {a8da9765-6797-4e9f-9342-04163e5e7b3d} - mscoree.dll

TB: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll

TB: {c80de717-a62a-425e-a612-e36b08407237} - mscoree.dll

TB: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

mRun: [ECenter] c:\dell\e-center\EULALauncher.exe

mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"

mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanlu.exe" /r

mRun: [updReg] c:\windows\UpdReg.EXE

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [lxcgmon.exe] "c:\program files\lexmark 2300 series\lxcgmon.exe"

mRun: [EzPrint] "c:\program files\lexmark 2300 series\ezprint.exe"

mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,[email protected]

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

dRun: [DelayShred] "c:\program files\mcafee\mshr\shrcl.exe" /p7 /q c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\jzxrmqvr\app_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\jzxrmqvr\343736~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\9y5t1zz5\no_con~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\8r5ygc1f\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\9y5t1zz5\dc_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\jzxrmqvr\index_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\nd0k3n2n\dw_pas~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\jzxrmqvr\dw_pas~1.sh! c:\users\raedel\appdata\local\temp\hsperf~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\dg7lee0p\app_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\dg7lee0p\index_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\h8bmahko\343737~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\h8bmahko\no_con~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\h8bmahko\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\dm8v0re8\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\h8bmahko\dc_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\mockq94c\dw_pas~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\gphqobi3\app_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\hu02ahl8\dw_pas~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\tlotc8qc\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\ohqpvyrj\index_~1.sh! 
c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\tlotc8qc\no_con~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\hu02ahl8\dc_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\ohqpvyrj\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\rn4kxgnr\343737~3.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\jdy3jpn3\app_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\jdy3jpn3\index_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\45s33sdg\no_con~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\45s33sdg\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\rn4kxgnr\dc_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\t471ngfd\dw_pas~4.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\t471ngfd\dwb8d5~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\tntalo7e\343737~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\sbi28fzs\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\tntalo7e\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\a0028sah\dw_pas~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\mly8phfc\343737~4.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\0iz5z3lk\app_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\qf3voepp\343737~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\rvvzrgc3\no_con~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\jrcsrm1h\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\rvvzrgc3\dc_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\qf3voepp\dw_pas~2.sh! 
c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\jrcsrm1h\dw_pas~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\0iz5z3lk\index_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\z1l3vswx\index_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\ntg0v5j3\app_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\z1l3vswx\dw_pas~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\0dy1pp7w\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\0dy1pp7w\no_con~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\hck60ytm\dc_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\z1l3vswx\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\z1l3vswx\343737~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\ndigsm51\dw_pas~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\9sqrlhq8\app_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\snquwzhr\no_con~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\9sqrlhq8\dw_pas~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\ndigsm51\343737~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\9sqrlhq8\dc_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\9sqrlhq8\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\9sqrlhq8\index_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\0b2ds0k0\app_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\0b2ds0k0\dwbec5~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\0b2ds0k0\dwa00c~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\269u40ol\no_con~1.sh! 
c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\uxyrqfav\index_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\uxyrqfav\dc_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\0b2ds0k0\dw_pas~4.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\tv6a6p9t\app_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\tv6a6p9t\343737~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\5wfustit\dw_pas~2.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\tlws2dtv\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\tlws2dtv\no_con~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\5wfustit\dc_1_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\t96mljrc\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\t96mljrc\index_~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\cq73cc19\dw_pas~1.sh! c:\users\raedel\appdata\local\micros~1\windows\tempor~1\content.ie5\cq73cc19\DESKTO~1.SH!

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{163d89dd-7386-412d-837f-d2b3131780d3}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &Subscribe with ArchosLink - file://c:\program files\archos\archoslink\\script.js

IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - c:\program files\siber systems\ai roboform\RoboFormComOptions.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~3.0_0\bin\ssv.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - c:\program files\siber systems\ai roboform\RoboFormComOptions.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html

IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

 

============= SERVICES / DRIVERS ===============

 

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-9-28 179712]

R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]

R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]

S3 getPlus® Helper;getPlus® Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-15 33752]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-11-2 18176]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-22 7680]

S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]

S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-9-28 131368]

 

============== File Associations ===============

 

regfile=regedit.exe "%1" %*

scrfile="%1" %*

 

=============== Created Last 30 ================

 

2008-12-14 13:10 <DIR> --d----- c:\program files\Curse

2008-12-13 14:00 4,230,520 a------- c:\windows\system32\SpoonUninstall.exe

2008-12-13 14:00 33,846 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp

2008-12-13 14:00 12,896 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat

2008-12-13 14:00 <DIR> --d----- c:\users\raedel\appdata\roaming\AccurateRip

2008-12-13 14:00 <DIR> --d----- c:\program files\Illustrate

2008-12-10 15:55 2,048 a------- c:\windows\system32\tzres.dll

2008-12-10 15:53 2,927,104 a------- c:\windows\explorer.exe

2008-11-26 07:21 712,704 a------- c:\windows\system32\WindowsCodecs.dll

2008-11-26 07:21 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll

2008-11-26 07:21 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll

2008-11-26 07:21 241,152 a------- c:\windows\system32\PortableDeviceApi.dll

2008-11-26 07:21 1,645,568 a------- c:\windows\system32\connect.dll

2008-11-23 19:04 <DIR> --d----- c:\program files\iPod

2008-11-23 19:04 <DIR> --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-23 19:04 <DIR> --d----- c:\program files\iTunes

2008-11-23 19:04 <DIR> --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-11-23 07:04 1,524,736 a------- c:\windows\system32\wucltux.dll

2008-11-23 07:04 83,456 a------- c:\windows\system32\wudriver.dll

2008-11-23 07:04 162,064 a------- c:\windows\system32\wuwebv.dll

2008-11-23 07:04 31,232 a------- c:\windows\system32\wuapp.exe

2008-11-19 20:05 <DIR> --d----- c:\program files\FrostWire

 

==================== Find3M ====================

 

2008-12-08 21:16 2,982 a------- c:\users\raedel\appdata\roaming\wklnhst.dat

2008-11-10 16:53 143,360 a------- c:\windows\inf\infstrng.dat

2008-11-10 16:53 51,200 a------- c:\windows\inf\infpub.dat

2008-11-08 09:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf

2008-11-08 09:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2008-11-08 09:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf

2008-11-08 09:56 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf

2008-11-08 09:47 86,016 a------- c:\windows\inf\infstor.dat

2008-10-31 21:44 52,736 a------- c:\windows\apppatch\iebrshim.dll

2008-10-31 21:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll

2008-10-31 21:44 541,696 a------- c:\windows\apppatch\AcLayers.dll

2008-10-31 21:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll

2008-10-31 21:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll

2008-10-31 21:44 28,672 a------- c:\windows\system32\Apphlpdm.dll

2008-10-31 19:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll

2008-10-20 23:25 296,960 a------- c:\windows\system32\gdi32.dll

2008-10-15 22:47 827,392 a------- c:\windows\system32\wininet.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2008-06-11 20:10 665,600 a------- c:\windows\inf\drvindex.dat

2008-05-25 12:22 174 a--sh--- c:\program files\desktop.ini

2008-04-30 20:22 109,488 a------- c:\users\raedel\appdata\roaming\GDIPFONTCACHEV1.DAT

2008-04-15 18:44 774,144 a------- c:\program files\RngInterstitial.dll

2008-01-13 10:41 60,968 a------- c:\users\raedel\GoToAssistDownloadHelper.exe

2008-01-03 18:23 439,296 a------- c:\users\raedel\GoToAssist_phone__317_en.exe

2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat

2006-11-02 06:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat

2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat

2006-11-02 06:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat

2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat

2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat

2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat

2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

2007-12-24 18:01 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat

2007-12-24 18:01 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat

2007-12-24 18:01 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat

 

============= FINISH: 16:38:03.81 ===========

Also with the dw20 it only comes up when I am on the internet.

Link to comment
Share on other sites

Highlight and copy the contents of the code box below.

reg delete HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /v DelayShred /f
reg delete HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce /v DelayShred /f
reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run /v DelayShred /f
exit
cls
Click Start and type cmd.exe in the Search field. Right click the cmd.exe result and select Run as Administrator to open a command window. Right click in the command window and select paste. The command window will close on its own.

 

Did you uninstall GoToAssist? If so, please delete the following related files.

 

c:\users\raedel\GoToAssistDownloadHelper.exe

c:\users\raedel\GoToAssist_phone__317_en.exe

 

 

Please post the Attach.txt file that was created when you ran DDS

Link to comment
Share on other sites

I did those other two things and here's my post.

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Version 1.0)

 

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 9/28/2007 12:09:38 PM

System Uptime: 12/18/2008 4:28:20 PM (0 hours ago)

 

Motherboard: Dell Inc. | | 0CK520

Processor: Intel® Core2 CPU 6600 @ 2.40GHz | Microprocessor | 2400/1066mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 456 GiB total, 303.637 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5.264 GiB free.

E: is CDROM ()

F: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

 

==== Installed Programs ======================

 

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9

Adobe Shockwave Player 11

AI RoboForm (All Users)

Apple Mobile Device Support

Apple Software Update

Archos MPG4 Translator V3.0.12

ArchosLink

Ares Ultra 4.1.0

AutoUpdate

AviSynth 2.5

Bonjour

Broadcom Gigabit Integrated Controller

Broadcom Management Programs

Call of Duty Game of the Year Edition

CCleaner (remove only)

CCScore

Coupon Printer for Windows

CouponBar

Creative MediaSource 5

Curse Client

dBpoweramp Music Converter

Dell Support Center (Support Software)

Dell System Customization Wizard

DellSupport

Digital Line Detect

DivX Codec

DivX Converter

DivX Player

DivX Web Player

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

FrostWire 4.17.2

Games, Music, & Photos Launcher

getPlus® for Adobe

Google Desktop

Google Toolbar for Internet Explorer

Halo 2 for Windows Vista

Halo 2 Map Editor

Heroes of Might and Magic IV

Heroes of Might and Magic V

HijackThis 2.0.2

iTunes

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6

Jeaks Music for Internet Explorer

KODAK EASYSHARE Gallery Upload ActiveX Control

Kodak EasyShare software

Lexmark 2300 Series

LIVE gaming on Windows Runtime Version 1.0.6027

Macromedia Shockwave Player

McAfee SecurityCenter

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB929729)

Microsoft Digital Image Library 9 - Blocker

Microsoft Digital Image Standard 2006

Microsoft Digital Image Standard 2006 Editor

Microsoft Digital Image Standard 2006 Library

Microsoft Encarta Encyclopedia Standard 2006

Microsoft Money 2006

Microsoft Silverlight

Microsoft Streets & Trips 2006

Microsoft Visual C++ 2005 Redistributable

Microsoft Word 2002

Microsoft Works

Microsoft Works Suite 2006 Setup Launcher

Microsoft Works Suite Add-in for Microsoft Word

Microsoft XML Parser

MobileMe Control Panel

Modem Diagnostic Tool

Motorola Driver Installation 3.4.0

Motorola Phone Tools

Move Networks Media Player for Internet Explorer

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

Napster

Napster Burn Engine

neroxml

netbrdg

NetWaiting

NVIDIA Drivers

OfotoXMI

OpenAL

PowerDVD

Print Workshop 2005 LE

Product Documentation Launcher

QuickSet

QuickTime

RealArcade

RollerCoaster Tycoon

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler

Roxio MyDVD DE

Roxio Update Manager

RTC Client API v1.2

SFR

SHASTA

skin0001

SKINXSDK

Sonic Activation Module

Sound Blaster X-Fi

staticcr

The Weather Channel Desktop 6

tooltips

User's Guides

VCRedistSetup

Verizon Broadband Toolbar

Verizon High Speed Internet

VPRINTOL

Warcraft III

WIRELESS

Works Upgrade

World of Warcraft

Xvid 1.1.3 final uninstall

 

==== End Of File ===========================

Sorry. Didn't know how to zip it up.

Link to comment
Share on other sites

I was hoping to see some event log entries in the dds logs, but that didn't happen, so I need to fire up my Vista machine and see what the best method will be for having you obtain those for me. In the meantime, please uninstall the following outdated versions of Java in the Control Panel>Program Features list.

 

Java™ 6 Update 3

Java™ 6 Update 5

Java™ 6 Update 7

Java™ SE Runtime Environment 6

 

Then, go here and install the latest, Version 6 Update 11

 

Also recommend you reset IE.

Open a browser and click Tools>Internet Options

Select the Programs tab

Click Reset Web Settings

 

If using AOL browser, the method for opening Internet Options may differ (I don't remember ... AOL is gone years ago here ;) )

Link to comment
Share on other sites

I uninstalled the older versions of Java and reinstalled the latest one. Also did a reset for my IE. As far as AOL, I have been using it so long that it's just comfortable to me. One thing else I have noticed, I have not been getting e-mail notifications from you even though it says I am. I have been just checking back so I don't miss anything. Just a fluke maybe. We'll see if I get one if you reply with me resetting my IE. THANKS FOR LISTENING

Link to comment
Share on other sites

Check your User CP>Options>Email Settings and make sure Enable Email Notification is ticked, and set to immediate. If it already is set that way, untick it and Amend, then re-tick it and amend.

 

Then check User CP>Subscriptions>View Topics

This topic should be listed. If it is not, scroll to the top and select Options>Track this topic.

Select Immediate then click Proceed

 

 

Assuming you are still getting the error .........

 

Click Start then type event in the Search bar.

Select Event Viewer from the programs list above.

Expand Windows Logs then select Application.

Look for Error events concurrent with the time of the dw20.exe error.

You might even try to force an error then refresh the event viewer (click Action>Refresh) to see if an error event populates in the Application logs.

If successful in determining the errors are logged in Application logs, click Action>Save Events As

Direct the log to be saved on the desktop, name it App and leave the Type set to Event Files (*.evtx)

Attach that log to an email to me for perusal.

 

If you do not find error events concurrent to the dw20 errors in the Application events, check in the other logs and save the appropriate one as needed. Be sure to name the saved log similar to the event type, e.g., System = Sys, Internet Explorer = IE, etc.

Link to comment
Share on other sites
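The Event Viewer steps in the post above can also be run from an elevated PowerShell prompt. The following is an added example, not part of the original thread; the crash time, the 10-minute window and the output file location are assumptions to adjust to when the dw20.exe dialog actually appeared.

```powershell
# Added example: list Application-log Error events around a crash time and
# export them to App.evtx on the desktop for someone else to review.
# $CrashTime and $Window are assumed values; set them to match the dw20.exe error.
$CrashTime = Get-Date '2008-12-18 16:30'      # constructed sample time
$Window    = New-TimeSpan -Minutes 10
$OutFile   = Join-Path ([Environment]::GetFolderPath('Desktop')) 'App.evtx'

$filter = @{
    LogName   = 'Application'
    Level     = 2                             # 2 = Error
    StartTime = $CrashTime - $Window
    EndTime   = $CrashTime + $Window
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output 'No Application errors in that window; check System or the other logs.'
} else {
    # Show time, source, event ID and the first line of each message.
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, ProviderName, Id,
            @{ n = 'Summary'; e = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap

    # Export only the Error events from the same window. Event timestamps are
    # stored in UTC, so the query bounds are converted before formatting.
    $fmt   = "yyyy-MM-dd'T'HH:mm:ss.fff'Z'"
    $from  = ($CrashTime - $Window).ToUniversalTime().ToString($fmt)
    $to    = ($CrashTime + $Window).ToUniversalTime().ToString($fmt)
    $xpath = "*[System[Level=2 and TimeCreated[@SystemTime>='$from' and @SystemTime<='$to']]]"

    wevtutil epl Application $OutFile "/q:$xpath" /ow:true
    Write-Output "Saved $($events.Count) event(s) to $OutFile"
}
```

Changing `LogName` and the first argument to `wevtutil epl` to `System` covers the fallback case where the errors are not recorded in the Application log.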
