Messages - bagdaddy

1
Tech Clinic / what is "hs_err_pid2516" folder on desktop?
« on: March 20, 2006, 12:12:33 PM »
Hi all,
Anyone know what a hs_err_pid... is? While playing pogo.com all windows closed and the folder named hs_err... is on the desktop. It appears to be a log of a scan, but from what? It says:

An unexpected error has been detected by HotSpot Virtual Machine:
#
#  EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x7c9010f3, pid=2516, tid=2888
#
# Java VM: Java HotSpot(tm) Client VM (1.5.0_06-b05 mixed mode, sharing)
# Problematic frame:
# C  [ntdll.dll+0x10f3]
#

---------------  T H R E A D  ---------------

Current thread (0x013f8c88):  JavaThread "Finalizer" daemon [_thread_in_native, id=2888]

siginfo: ExceptionCode=0xc0000005, writing address 0x0a018fac

Registers:
EAX=0x00000000, EBX=0x00000000, ECX=0x093af6c8, EDX=0x0a018fa4
ESP=0x093af6d8, EBP=0x093af708, ESI=0x0a018f90, EDI=0x0a018fa4
EIP=0x7c9010f3, EFLAGS=0x00010246


Stack: [0x092b0000,0x093b0000),  sp=0x093af6d8,  free space=1021k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  [ntdll.dll+0x10f3]
j  java.awt.Cursor.finalizeImpl()V+0
j  java.awt.Cursor.finalize()V+7
v  ~StubRoutines::call_stub
V  [jvm.dll+0x845a9]
V  [jvm.dll+0xd9317]
V  [jvm.dll+0x8447a]
V  [jvm.dll+0x897cb]
C  [java.dll+0x2006]
J  java.lang.ref.Finalizer.runFinalizer()V
J  java.lang.ref.Finalizer.access$100(Ljava/lang/ref/Finalizer;)V
v  ~RuntimeStub::alignment_frame_return Runtime1 stub
j  java.lang.ref.Finalizer$FinalizerThread.run()V+11
v  ~StubRoutines::call_stub
V  [jvm.dll+0x845a9]
V  [jvm.dll+0xd9317]
V  [jvm.dll+0x8447a]
V  [jvm.dll+0x841d7]
V  [jvm.dll+0x9ed69]
V  [jvm.dll+0x109fe3]
V  [jvm.dll+0x109fb1]
C  [msvcrt.dll+0x2a3b0]
C  [kernel32.dll+0xb50b]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  java.awt.Cursor.finalizeImpl()V+0
j  java.awt.Cursor.finalize()V+7
v  ~StubRoutines::call_stub
J  java.lang.ref.Finalizer.invokeFinalizeMethod(Ljava/lang/Object;)V
J  java.lang.ref.Finalizer.runFinalizer()V
J  java.lang.ref.Finalizer.access$100(Ljava/lang/ref/Finalizer;)V
v  ~RuntimeStub::alignment_frame_return Runtime1 stub
j  java.lang.ref.Finalizer$FinalizerThread.run()V+11
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x0a093808 JavaThread "Direct Clip" daemon [_thread_blocked, id=2236]
  0x09ff0400 JavaThread "Direct Clip" daemon [_thread_blocked, id=2704]
  0x0a185a10 JavaThread "Direct Clip" daemon [_thread_blocked, id=2724]
  0x014e3ab8 JavaThread "ITimer" daemon [_thread_blocked, id=3752]
  0x0a1fc618 JavaThread "TickTimer" daemon [_thread_blocked, id=1836]
  0x0a060c08 JavaThread "TextField" daemon [_thread_blocked, id=684]
  0x0a216418 JavaThread "ScrollBar" daemon [_thread_blocked, id=4016]
  0x06afbe68 JavaThread "ScrollBar" daemon [_thread_blocked, id=3684]
  0x06a77248 JavaThread "ScrollBar" daemon [_thread_blocked, id=1944]
  0x0a185060 JavaThread "ScrollBar" daemon [_thread_blocked, id=372]
  0x0a2153e0 JavaThread "ScrollBar" daemon [_thread_blocked, id=2472]
  0x0a0f7998 JavaThread "TickTimer" daemon [_thread_blocked, id=1976]
  0x06aff918 JavaThread "ScrollBar" daemon [_thread_blocked, id=2676]
  0x0a0e1ec8 JavaThread "InvalQueue-1-com.pogo.ui2.awt.i[panel11,2,2,230x389,invalid,layout=com.pogo.ui2.awt.o]" daemon [_thread_blocked, id=2340]
  0x0a031df8 JavaThread "Direct Clip" daemon [_thread_blocked, id=1664]
  0x0a216da0 JavaThread "Timer2" daemon [_thread_blocked, id=2432]
  0x069ec078 JavaThread "Direct Clip" daemon [_thread_blocked, id=2312]
  0x0a0aabe8 JavaThread "tkping" [_thread_blocked, id=696]
  0x0a105828 JavaThread "Thread-2557" [_thread_blocked, id=2164]
  0x0a034e40 JavaThread "React-game1.pogo.com:4010-1" [_thread_in_native, id=2080]
  0x0a169110 JavaThread "SocketConnection" daemon [_thread_in_native, id=1632]
  0x09fe88c8 JavaThread "event-thread" daemon [_thread_blocked, id=1372]
  0x06b4cc00 JavaThread "AsynchRasterManager" daemon [_thread_blocked, id=2284]
  0x014d9558 JavaThread "Thread-2555" daemon [_thread_blocked, id=2196]
  0x069ea008 JavaThread "Thread-2554" daemon [_thread_blocked, id=1020]
  0x014be1e0 JavaThread "Thread-2553" daemon [_thread_blocked, id=2420]
  0x06b1bc18 JavaThread "Thread-2552" daemon [_thread_blocked, id=2372]
  0x0145a670 JavaThread "Thread-2551" daemon [_thread_blocked, id=2076]
  0x014bec80 JavaThread "Thread-2550" daemon [_thread_blocked, id=1640]
  0x06a28248 JavaThread "AWT-EventQueue-7" [_thread_blocked, id=2364]
  0x06a28da0 JavaThread "Thread-2549" [_thread_blocked, id=1988]
  0x0a1687a8 JavaThread "thread applet-com.pogo.game.client2.sweettooth.SweetToothApplet" [_thread_blocked, id=1864]
  0x06b742d8 JavaThread "thread applet-com.sac.sweettooth.Swapit" [_thread_blocked, id=2184]
  0x06a73358 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=2068]
  0x06a6f5a0 JavaThread "AWT-Shutdown" [_thread_blocked, id=2368]
  0x069bc658 JavaThread "Thread-2532" [_thread_in_native, id=1284]
  0x06a747b8 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=3112]
  0x01488460 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=2920]
  0x0142bca8 JavaThread "AWT-Windows" daemon [_thread_in_native, id=2916]
  0x014af338 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2908]
  0x014df758 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=2900]
  0x069c7190 JavaThread "CompilerThread0" daemon [_thread_blocked, id=2896]
  0x01407b28 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=2892]
=>0x013f8c88 JavaThread "Finalizer" daemon [_thread_in_native, id=2888]
  0x0142dcc8 JavaThread "Reference Handler" daemon [_thread_blocked, id=2884]

Other Threads:
  0x0148a358 VMThread [id=2880]
  0x0148a400 WatcherThread [id=2904]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
 def new generation   total 2624K, used 246K [0x20a70000, 0x20d40000, 0x211d0000)
  eden space 2368K,   6% used [0x20a70000, 0x20a94958, 0x20cc0000)
  from space 256K,  39% used [0x20d00000, 0x20d19298, 0x20d40000)
  to   space 256K,   0% used [0x20cc0000, 0x20cc0000, 0x20d00000)
 tenured generation   total 33624K, used 26201K [0x211d0000, 0x232a6000, 0x26a70000)
   the space 33624K,  77% used [0x211d0000, 0x22b664f0, 0x22b66600, 0x232a6000)
 compacting perm gen  total 8192K, used 3941K [0x26a70000, 0x27270000, 0x2aa70000)
   the space 8192K,  48% used [0x26a70000, 0x26e49628, 0x26e49800, 0x27270000)
    ro space 8192K,  63% used [0x2aa70000, 0x2af7b178, 0x2af7b200, 0x2b270000)
    rw space 12288K,  46% used [0x2b270000, 0x2b809fa8, 0x2b80a000, 0x2be70000)

Dynamic libraries:
0x00400000 - 0x00419000    C:\Program Files\Internet Explorer\iexplore.exe
0x7c900000 - 0x7c9b0000    C:\WINDOWS\system32\ntdll.dll
0x7c800000 - 0x7c8f4000    C:\WINDOWS\system32\kernel32.dll
0x77c10000 - 0x77c68000    C:\WINDOWS\system32\msvcrt.dll
0x77d40000 - 0x77dd0000    C:\WINDOWS\system32\USER32.dll
0x77f10000 - 0x77f57000    C:\WINDOWS\system32\GDI32.dll
0x77f60000 - 0x77fd6000    C:\WINDOWS\system32\SHLWAPI.dll
0x77dd0000 - 0x77e6b000    C:\WINDOWS\system32\ADVAPI32.dll
0x77e70000 - 0x77f01000    C:\WINDOWS\system32\RPCRT4.dll
0x77760000 - 0x778ce000    C:\WINDOWS\system32\SHDOCVW.dll
0x77a80000 - 0x77b14000    C:\WINDOWS\system32\CRYPT32.dll
0x77b20000 - 0x77b32000    C:\WINDOWS\system32\MSASN1.dll
0x754d0000 - 0x75550000    C:\WINDOWS\system32\CRYPTUI.dll
0x76c30000 - 0x76c5e000    C:\WINDOWS\system32\WINTRUST.dll
0x76c90000 - 0x76cb8000    C:\WINDOWS\system32\IMAGEHLP.dll
0x77120000 - 0x771ac000    C:\WINDOWS\system32\OLEAUT32.dll
0x774e0000 - 0x7761d000    C:\WINDOWS\system32\ole32.dll
0x5b860000 - 0x5b8b4000    C:\WINDOWS\system32\NETAPI32.dll
0x771b0000 - 0x77256000    C:\WINDOWS\system32\WININET.dll
0x76f60000 - 0x76f8c000    C:\WINDOWS\system32\WLDAP32.dll
0x77c00000 - 0x77c08000    C:\WINDOWS\system32\VERSION.dll
0x773d0000 - 0x774d2000    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x7c9c0000 - 0x7d1d5000    C:\WINDOWS\system32\SHELL32.dll
0x5d090000 - 0x5d127000    C:\WINDOWS\system32\comctl32.dll
0x5ad70000 - 0x5ada8000    C:\WINDOWS\system32\uxtheme.dll
0x60130000 - 0x60138000    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOEHook.dll
0x7c000000 - 0x7c054000    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\MSVCR70.dll
0x75f80000 - 0x7607d000    C:\WINDOWS\system32\BROWSEUI.dll
0x20000000 - 0x20012000    C:\WINDOWS\system32\browselc.dll
0x77b40000 - 0x77b62000    C:\WINDOWS\system32\appHelp.dll
0x76fd0000 - 0x7704f000    C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000    C:\WINDOWS\system32\COMRes.dll
0x77260000 - 0x772ff000    C:\WINDOWS\system32\urlmon.dll
0x77fe0000 - 0x77ff1000    C:\WINDOWS\system32\Secur32.dll
0x77a20000 - 0x77a74000    C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661d000    C:\WINDOWS\System32\CSCDLL.dll
0x77920000 - 0x77a13000    C:\WINDOWS\system32\SETUPAPI.dll
0x769c0000 - 0x76a73000    C:\WINDOWS\system32\USERENV.dll
0x62900000 - 0x62955000    C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
0x71ad0000 - 0x71ad9000    C:\WINDOWS\system32\WSOCK32.dll
0x71ab0000 - 0x71ac7000    C:\WINDOWS\system32\WS2_32.dll
0x71aa0000 - 0x71aa8000    C:\WINDOWS\system32\WS2HELP.dll
0x76b40000 - 0x76b6d000    C:\WINDOWS\system32\WINMM.dll
0x5cd70000 - 0x5cd77000    C:\WINDOWS\system32\serwvdrv.dll
0x5b0a0000 - 0x5b0a7000    C:\WINDOWS\system32\umdmxfrm.dll
0x76ee0000 - 0x76f1c000    C:\WINDOWS\system32\RASAPI32.DLL
0x76e90000 - 0x76ea2000    C:\WINDOWS\system32\rasman.dll
0x76eb0000 - 0x76edf000    C:\WINDOWS\system32\TAPI32.dll
0x76e80000 - 0x76e8e000    C:\WINDOWS\system32\rtutils.dll
0x75cf0000 - 0x75d81000    C:\WINDOWS\System32\mlang.dll
0x10000000 - 0x1000e000    C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 - 0x7c396000    C:\WINDOWS\system32\MSVCR71.dll
0x75e90000 - 0x75f40000    C:\WINDOWS\system32\SXS.DLL
0x6d600000 - 0x6d62d000    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
0x5edd0000 - 0x5ede7000    C:\WINDOWS\system32\OLEPRO32.DLL
0x01540000 - 0x015c8000    C:\WINDOWS\system32\shdoclc.dll
0x015d0000 - 0x01895000    C:\WINDOWS\system32\xpsp2res.dll
0x71a50000 - 0x71a8f000    C:\WINDOWS\system32\mswsock.dll
0x662b0000 - 0x66308000    C:\WINDOWS\system32\hnetcfg.dll
0x71a90000 - 0x71a98000    C:\WINDOWS\System32\wshtcpip.dll
0x77c70000 - 0x77c93000    C:\WINDOWS\system32\msv1_0.dll
0x76d60000 - 0x76d79000    C:\WINDOWS\system32\iphlpapi.dll
0x745e0000 - 0x748a6000    C:\WINDOWS\system32\msi.dll
0x65200000 - 0x65213000    C:\Program Files\Yahoo!\Companion\Installs\cpn1\pubmod.dll
0x65000000 - 0x65032000    C:\Program Files\Yahoo!\Companion\Installs\cpn1\ypubc.dll
0x64100000 - 0x6411c000    C:\Program Files\Yahoo!\Companion\Installs\cpn1\YMERemote.dll
0x722b0000 - 0x722b5000    C:\WINDOWS\system32\sensapi.dll
0x76fc0000 - 0x76fc6000    C:\WINDOWS\system32\rasadhlp.dll
0x76f20000 - 0x76f47000    C:\WINDOWS\system32\DNSAPI.dll
0x76fb0000 - 0x76fb8000    C:\WINDOWS\System32\winrnr.dll
0x024d0000 - 0x024de000    C:\WINDOWS\System32\VetRedir.dll
0x025f0000 - 0x02605000    C:\WINDOWS\System32\ISafeIf.dll
0x7d4a0000 - 0x7d787000    C:\WINDOWS\System32\mshtml.dll
0x02820000 - 0x02847000    C:\WINDOWS\System32\msls31.dll
0x02d70000 - 0x02d9a000    C:\WINDOWS\System32\msimtf.dll
0x02da0000 - 0x02deb000    C:\WINDOWS\System32\MSCTF.dll
0x76390000 - 0x763ad000    C:\WINDOWS\system32\IMM32.DLL
0x32520000 - 0x32532000    C:\Program Files\Microsoft Office\Office10\msohev.dll
0x75c50000 - 0x75cbe000    c:\windows\system32\jscript.dll
0x73300000 - 0x73367000    c:\windows\system32\vbscript.dll
0x73dd0000 - 0x73ece000    c:\windows\system32\MFC42.DLL
0x30000000 - 0x30222000    C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
0x763b0000 - 0x763f9000    C:\WINDOWS\system32\comdlg32.dll
0x72d20000 - 0x72d29000    C:\WINDOWS\system32\wdmaud.drv
0x72d10000 - 0x72d18000    C:\WINDOWS\system32\msacm32.drv
0x77be0000 - 0x77bf5000    C:\WINDOWS\system32\MSACM32.dll
0x77bd0000 - 0x77bd7000    C:\WINDOWS\system32\midimap.dll
0x6d430000 - 0x6d43a000    C:\WINDOWS\System32\ddrawex.dll
0x73760000 - 0x737a9000    C:\WINDOWS\System32\DDRAW.dll
0x73bc0000 - 0x73bc6000    C:\WINDOWS\System32\DCIMAN32.dll
0x66e50000 - 0x66e90000    C:\WINDOWS\System32\iepeers.dll
0x73000000 - 0x73026000    C:\WINDOWS\System32\WINSPOOL.DRV
0x76820000 - 0x76834000    C:\WINDOWS\system32\HLINK.DLL
0x71d40000 - 0x71d5c000    C:\WINDOWS\System32\ACTXPRXY.DLL
0x767f0000 - 0x76817000    C:\WINDOWS\system32\schannel.dll
0x0ffd0000 - 0x0fff8000    C:\WINDOWS\system32\rsaenh.dll
0x68100000 - 0x68124000    C:\WINDOWS\system32\dssenh.dll
0x76200000 - 0x76271000    C:\WINDOWS\System32\mshtmled.dll
0x72b20000 - 0x72b38000    C:\WINDOWS\system32\plugin.ocx
0x6cc60000 - 0x6cc6b000    C:\WINDOWS\System32\dispex.dll
0x6d590000 - 0x6d5a2000    C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
0x6d400000 - 0x6d417000    C:\Program Files\Java\jre1.5.0_06\bin\jpiexp32.dll
0x6d450000 - 0x6d468000    C:\Program Files\Java\jre1.5.0_06\bin\jpishare.dll
0x6d670000 - 0x6d804000    C:\PROGRA~1\Java\JRE15~3.0_0\bin\client\jvm.dll
0x6d280000 - 0x6d288000    C:\PROGRA~1\Java\JRE15~3.0_0\bin\hpi.dll
0x76bf0000 - 0x76bfb000    C:\WINDOWS\system32\PSAPI.DLL
0x6d640000 - 0x6d64c000    C:\PROGRA~1\Java\JRE15~3.0_0\bin\verify.dll
0x6d300000 - 0x6d31d000    C:\PROGRA~1\Java\JRE15~3.0_0\bin\java.dll
0x6d660000 - 0x6d66f000    C:\PROGRA~1\Java\JRE15~3.0_0\bin\zip.dll
0x6d000000 - 0x6d167000    C:\Program Files\Java\jre1.5.0_06\bin\awt.dll
0x73940000 - 0x73a10000    C:\WINDOWS\system32\D3DIM700.DLL
0x6d240000 - 0x6d27d000    C:\Program Files\Java\jre1.5.0_06\bin\fontmanager.dll
0x6d1f0000 - 0x6d203000    C:\Program Files\Java\jre1.5.0_06\bin\deploy.dll
0x6d5d0000 - 0x6d5ef000    C:\Program Files\Java\jre1.5.0_06\bin\RegUtils.dll
0x6d3e0000 - 0x6d3f5000    C:\Program Files\Java\jre1.5.0_06\bin\jpicom32.dll
0x6d4c0000 - 0x6d4d3000    C:\Program Files\Java\jre1.5.0_06\bin\net.dll
0x6d4e0000 - 0x6d4e9000    C:\Program Files\Java\jre1.5.0_06\bin\nio.dll
0x6d1c0000 - 0x6d1e3000    C:\Program Files\Java\jre1.5.0_06\bin\dcpr.dll
0x6d3c0000 - 0x6d3df000    C:\Program Files\Java\jre1.5.0_06\bin\jpeg.dll
0x6d470000 - 0x6d495000    C:\Program Files\Java\jre1.5.0_06\bin\jsound.dll
0x6d4a0000 - 0x6d4a7000    C:\Program Files\Java\jre1.5.0_06\bin\jsoundds.dll
0x73f10000 - 0x73f6c000    C:\WINDOWS\system32\DSOUND.dll
0x73ee0000 - 0x73ee4000    C:\WINDOWS\system32\KsUser.dll

VM Arguments:
jvm_args: -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~3.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~3.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_06 -Djavaplugin.nodotversion=150_06 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~3.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol -Djavaplugin.vm.options=-Djava.class.path=C:\PROGRA~1\Java\JRE15~3.0_0\classes -Xbootclasspath/a:C:\PROGRA~1\Java\JRE15~3.0_0\lib\deploy.jar;C:\PROGRA~1\Java\JRE15~3.0_0\lib\plugin.jar -Xmx96m -Djavaplugin.maxHeapSize=96m -Xverify:remote -Djavaplugin.version=1.5.0_06 -Djavaplugin.nodotversion=150_06 -Dbrowser=sun.plugin -DtrustProxy=true -Dapplication.home=C:\PROGRA~1\Java\JRE15~3.0_0 -Djava.protocol.handler.pkgs=sun.plugin.net.protocol  vfprintf
java_command: <unknown>
Launcher Type: generic

Environment Variables:
PATH=C:\PROGRA~1\Java\JRE15~3.0_0\bin;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Roxio Shared\DLLShared;.
USERNAME=Barbara
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel



---------------  S Y S T E M  ---------------

OS: Windows XP Build 2600 Service Pack 2

CPU:total 1 family 15, cmov, cx8, fxsr, mmx, sse, sse2, ht

Memory: 4k page, physical 129840k(8340k free), swap 313112k(82584k free)

vm_info: Java HotSpot(tm) Client VM (1.5.0_06-b05) for windows-x86, built on Nov 10 2005 11:12:14 by "java_re" with MS VC++ 6.0


I read it, but still do not know what it is for or where it came from. Please help.

2
Tech Clinic / fast on the net, but slow offline
« on: June 10, 2005, 11:35:23 AM »
Hi, I'm having a little trouble with my desktop. It is slow while I am working offline with many applications. I have good speed on the internet and downloading, but when I click on Windows Media or Word, for example, it takes a while to start and freezes up a lot.

Here is my HJT log. I don't know if that will tell you anything, but it's all I have.


Logfile of HijackThis v1.99.1
Scan saved at 12:27:27 PM, on 6/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Barbara\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O2 - BHO: TChkBHO Class - {EE5F16A2-43F9-44DA-88A7-F823247A0D3A} - C:\WINDOWS\SYSTEM32\wvgiqsh.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.8.6.20/slot...a-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://gammon.pogo.com/applet-5.9.0.25/bac...n-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet-5.9.1.28/vid...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9.1.18/ca...a-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess2.pogo.com/applet-5.9.0.25/che...2-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.6.20/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-5.8.5...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet-5.8.5.21/dom...o-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.com/applet-5.9.2.21/euc...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://solitaire.pogo.com/applet-5.9.1.18/...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-5.9.0.25...o-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet-5.8.5.28/...k-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-5.8.5.28/hea...s-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-5.8.6.20/gin/gin-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.6.20/m...g-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://freecell.pogo.com/applet-5.8.6.20/f...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-5.9.0.25...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.6.20/fl...r-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks08.pogo.com/applet-5.8.5....d-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.9.0.25/popf...u-ob-assets.cab
O16 - DPF: Pop Fu by pogo.com - http://popfu.pogo.com/applet/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://poppit.pogo.com/applet-5.8.5.28/pop...t-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet-5.9.0.25...s-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-5.9.0.25...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.6.20/ho...m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.1.28/peak...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet-5.9.1.28/jum...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game6.pogo.com/applet-5.8.6.20/turb...1-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown.pogo.com/applet-5.8.5.21/...n-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.9.0.25/w...s-ob-assets.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://www.photoparade.com/autoinstall/phpsetup.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.Email Removed/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/16a08ad724179bb3de14/...ip/RdxIE601.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {918753F1-34D2-46EE-9D53-2722D1FE4BCC} (MyCorkboard Class) - http://www.mycorkboard.com/CabFiles/WebsiteHelper.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://carpoint.msn.com/Components/Ocx/SurVid/MSSurVid.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4019/ftp...23/cpbrkpie.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...stx/install.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://mirror.worldwinner.com/games/v59/swapit/swapit.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.Email Removed/molbin/shared/m...,18/mcgdmgr.cab
O16 - DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} (LSICapture Control) - http://classlive.ecollege.com/~sdk/SDK/paste/lsiw2k.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C7932801-AF0C-11D6-8137-0050DA5F0293} (RdxIE Class) - http://www.grokster.com/rdx/RdxIE.cab
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://playweb07.pogo.com/game/deluxe/insa...aploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

3
Tech Clinic / cannot delete a .dlr
« on: March 24, 2005, 01:23:19 PM »
I can't find those files and it seems to be working fine.
Here is the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 9:15:05 PM, on 3/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Xpoint\agent\xicon.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\eArmyU Student\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\Xpoint\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE -noshow
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - Global Startup: eArmyU Training.zip
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe

4
Tech Clinic / cannot delete a .dlr
« on: March 24, 2005, 01:46:34 AM »
I went through the list checking and deleting.  I could not find a few files.  
C:\windows\system32\iexplore.exe
C:\programfiles\0cat yellowpages

sasetup.dll denied access
winupdate.exe gave an error message when I tried to delete it.

Here are the logs.
Logfile of HijackThis v1.99.1
Scan saved at 8:40:10 AM, on 3/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Xpoint\agent\xicon.exe
C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\eArmyU Student\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\Xpoint\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE -noshow
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - Global Startup: eArmyU Training.zip
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30032a57596419...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe

The latest mwav log:

File C:\WINDOWS\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\127021.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Desktop\HSFix\HSFix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\eArmyU Student\Desktop\HSFix.zip tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\My Documents\HSFix.zip tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\gde.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\IBMTOOLS\APPS\PCDRWIN\SETUP2.EX2 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Xpoint\PE\regpe.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Xpoint\rmvmpc.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\hotview.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.333. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\omnithread_rt.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.g. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\VNCHooks.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.333. No Action Taken.
File C:\WINDOWS\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.

 
Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
   Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
msvcrta.dll
w32tm.exe
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-

5
Tech Clinic / cannot delete a .dlr
« on: March 22, 2005, 11:39:14 AM »
Here are the results from the mwav scan.  It looks like a lot.  I scanned with Symantec earlier on the 10 layers deep setting and it returned with no threats, then I used mwav and got the following.

File C:\WINDOWS\system32\prvdi.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\windows\system32\rjvgdfdk.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\cerbmod.dll infected by "not-a-virus:AdWare.BHO.NoName.l" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\STHOME~1\STHOME~1.DLL infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\WEBSIT~1\127021.dlr infected by "not-a-virus:PornWare.Dialer.Tibs" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\cerbmod.dll infected by "not-a-virus:AdWare.BHO.NoName.l" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\STHOME~1\STHOME~1.DLL infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\prvdi.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File c:\windows\system32\rjvgdfdk.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeTools.hta infected by "Trojan-Dropper.VBS.Inor.bt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dload.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\0cyp.exe infected by "not-a-virus:AdWare.ToolBar.STIEBar.b" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\bho_prob.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\INTLRECO.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\pynix.cab infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\prvdi.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\sthp.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\stl.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\127021.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\034C0000.VBN infected by "Trojan-Downloader.Win32.Small.se" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09500000.VBN infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40000.VBN infected by "Trojan-Downloader.VBS.Iwill.g" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0000.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0002.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0004.VBN infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0006.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0008.VBN infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC000A.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC000C.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC000E.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0010.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DE80000.VBN infected by "Trojan-Downloader.Java.OpenConnection.l" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeTools.hta infected by "Trojan-Dropper.VBS.Inor.bt" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\0cyp.exe infected by "not-a-virus:AdWare.ToolBar.STIEBar.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\bho_prob.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\INTLRECO.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\pynix.cab infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\prvdi.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\sthp.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\stl.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\gde.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\IBMTOOLS\APPS\PCDRWIN\SETUP2.EX2 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\STHomePage\uninst.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\WebSiteViewer\127021.dlr infected by "not-a-virus:PornWare.Dialer.Tibs" Virus. Action Taken: No Action Taken.
File C:\Program Files\WebSiteViewer\127021.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Xpoint\PE\regpe.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Xpoint\rmvmpc.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\hotview.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.333. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\omnithread_rt.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.g. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\VNCHooks.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.333. No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp infected by "Trojan-Downloader.Win32.IstBar.ep" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp\10297024temp.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp\127021.dlr infected by "not-a-virus:PornWare.Dialer.Tibs" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp\127021.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp infected by "not-a-virus:Porn-Tool.Win32.MaConnect" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp infected by "Trojan-Downloader.Win32.Krepper.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp infected by "Trojan-Downloader.Win32.Krepper.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP264\A0069465.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP273\A0071941.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP274\A0071969.dll infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP274\A0071979.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0071998.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0071999.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072002.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072004.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072005.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072007.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072008.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072009.dll infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072076.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072077.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072078.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072085.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072096.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072103.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072105.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072140.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072142.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072148.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072157.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072162.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072164.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072172.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072173.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072179.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072184.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072189.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072203.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072209.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072210.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072226.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072231.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072233.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx infected by "not-a-virus:AdWare.MediaTickets.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dload.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx infected by "not-a-virus:AdWare.MediaTickets.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dload.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

6
Tech Clinic / cannot delete a .dlr
« on: March 21, 2005, 12:16:57 PM »
I scanned with the cwshredder and Windows NT Authority restarted on its own. Here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:11:18 PM, on 3/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Xpoint\agent\xicon.exe
C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\prvdi.exe
C:\windows\system32\rjvgdfdk.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\windows\system32\packager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\WebSiteViewer\127021.dlr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\eArmyU Student\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\Xpoint\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE -noshow
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [rjvgdfdk] c:\windows\system32\rjvgdfdk.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKCU\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
O4 - Global Startup: eArmyU Training.zip
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OfficeTools.hta
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30032a57596419...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe

7
Tech Clinic / cannot delete a .dlr
« on: March 20, 2005, 12:35:29 PM »
While surfing porn, like most of the posts I've read with similar problems, my browser was reset to quickmetasearch and I have a shortcut "sex" on my desktop.  At first I went to add/remove and it did not work.
When IE goes on it has also replaced my Yahoo toolbar, so my popup blocker and antispy do not work.
In my program files there is a file named 127021.dlr and an icon with the same name.
How can I get rid of it and restore my laptop to normal operation?


Logfile of HijackThis v1.98.2
Scan saved at 7:39:46 PM, on 3/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Xpoint\agent\xicon.exe
C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\prvdi.exe
C:\windows\system32\rjvgdfdk.exe
C:\windows\system32\calc.exe
C:\Program Files\WebSiteViewer\127021.dlr
C:\Documents and Settings\eArmyU Student\Desktop\hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.the-huns-yellow-pages.com/hp.html
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\Xpoint\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE -noshow
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [rjvgdfdk] c:\windows\system32\rjvgdfdk.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\services.exe
O4 - HKCU\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
O4 - Global Startup: eArmyU Training.zip
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OfficeTools.hta
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30032a57596419...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O19 - User stylesheet: c:\windows\my.css (file missing)
