
Task Manager!!

  • 16-12-2007 7:52am
    #1
    Closed Accounts Posts: 4


    I am unable to open my Task Manager.
    When I press Ctrl+Alt+Del, the error "Task Manager has been disabled by your administrator" appears.
    I have installed Avira AntiVir on my computer.
    When I select any file for scanning, the system restarts.
    Please help me.
    Thanks


Comments

  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,596 Mod ✭✭✭✭Capt'n Midnight


    http://www.microsoft.com/technet/sysinternals/utilities/processexplorer.mspx
    Link to Process Explorer, which is a bit like Task Manager.

    Do you have admin rights on the computer?

    Did you remove the old AV first before installing AntiVir? There could be a conflict there.


  • Registered Users, Registered Users 2 Posts: 1,543 ✭✭✭Pataman


    Run Spybot; that fixed it for me.


  • Closed Accounts Posts: 4 !123


    Thanks for your immediate reply.

    I have admin rights on this computer and I am the only user.

    I removed my old AV (Norton) before installing Avira.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


  • Closed Accounts Posts: 4 !123


    Thanks for your immediate reply.

    I downloaded dss.exe, and after execution only main.txt was created.

    main.txt

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2007-12-17 08:00:36
    Computer is in Normal Mode.



    -- HijackThis (run as Administrator.exe)

    Unable to find log (file not found); running clone.
    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2007-12-17 08:00:46
    Platform: Windows XP Service Pack 1 (5.01.2600)
    MSIE: Internet Explorer (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\system32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\savedump.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\system32\slserv.exe
    D:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe
    D:\WINDOWS\system32\nutsrv4.exe
    D:\Documents and Settings\Administrator\Desktop\dss.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\GoogleToolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\GoogleToolbar1.dll
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NuTCSetupEnviron] D:\Program Files\Rational\Rational Test\nutcroot\bin\ncoeenv.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - D:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - D:\WINDOWS\system32\msvidctl.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: NuTCRACKERService - DataFocus, Inc. - D:\WINDOWS\system32\nutsrv4.exe
    O23 - Service: SmartLinkService (SLService) - Unknown owner - D:\WINDOWS\system32\slserv.exe
    O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - D:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe


    --
    End of file - 4913 bytes

    -- Files created between 2007-11-17 and 2007-12-17

    2007-12-16 21:52:05 69 --a
    D:\WINDOWS\System32\i
    2007-12-16 21:50:37 107 --a
    D:\WINDOWS\System32\o
    2007-12-16 10:29:19 0 d
    D:\SmitfraudFix
    2007-12-15 19:40:00 0 d--hs---- D:\FOUND.000
    2007-12-13 07:41:51 0 d
    D:\Program Files\Ingolingo
    2007-12-12 19:14:56 0 d
    D:\Documents and Settings\Administrator\Application Data\CyberLink
    2007-12-12 14:46:41 0 d
    D:\Documents and Settings\All Users\Application Data\CyberLink
    2007-12-12 14:46:24 0 d
    D:\Program Files\CyberLink
    2007-12-12 14:41:37 1703936 --a
    D:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-12-12 14:41:36 1769472 --a
    D:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-12-12 14:39:01 0 d
    D:\Program Files\Common Files\Nero
    2007-12-12 14:38:08 106496 --a
    D:\WINDOWS\System32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
    2007-12-12 14:38:04 471040
    n--- D:\WINDOWS\System32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2007-12-12 14:38:04 262144
    n--- D:\WINDOWS\System32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2007-12-12 14:38:04 1568768
    n--- D:\WINDOWS\System32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2007-12-12 14:38:03 155648 --a
    D:\WINDOWS\System32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
    2007-12-12 14:37:59 0 d
    D:\Program Files\Common Files\Ahead
    2007-12-12 14:37:58 0 d
    D:\Program Files\Ahead
    2007-12-12 08:42:49 0 d--hs---- D:\Recycled
    2007-12-07 20:09:10 413696 --a
    D:\WINDOWS\System32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2007-12-07 20:09:10 86016 --a
    D:\WINDOWS\System32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
    2007-12-07 20:09:10 0 d
    D:\Program Files\OpenAL
    2007-12-07 19:58:19 0 d
    D:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2007-12-07 19:56:44 163840 --a
    D:\WINDOWS\System32\unrar.dll
    2007-12-07 19:56:39 217088 --a
    D:\WINDOWS\System32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2007-12-07 19:56:39 39936 --a
    D:\WINDOWS\System32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
    2007-12-07 19:56:38 282624 --a
    D:\WINDOWS\System32\xvidvfw.dll
    2007-12-07 19:56:38 1559040 --a
    D:\WINDOWS\System32\xvidcore.dll
    2007-12-07 19:56:38 564224 --a
    D:\WINDOWS\System32\x264vfw.dll
    2007-12-07 19:56:38 630784 --a
    D:\WINDOWS\System32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
    2007-12-07 19:56:38 438272 --a
    D:\WINDOWS\System32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
    2007-12-07 19:56:36 3596288 --a
    D:\WINDOWS\System32\qt-dx331.dll
    2007-12-07 19:56:36 73728 --a
    D:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-12-07 19:56:35 740442 --a
    D:\WINDOWS\System32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-07 19:56:34 7680 --a
    D:\WINDOWS\System32\ff_vfw.dll
    2007-12-07 19:56:29 0 d
    D:\Program Files\K-Lite Codec Pack
    2007-12-07 19:56:29 0 d
    D:\Documents and Settings\All Users\Application Data\Real
    2007-12-07 19:56:29 0 d
    D:\Documents and Settings\Administrator\Application Data\Real
    2007-12-07 19:35:58 0 d
    D:\Documents and Settings\All Users\Application Data\MAGIX
    2007-12-07 19:35:23 0 d
    D:\Program Files\Common Files\MAGIX Shared
    2007-12-07 19:34:59 120200 --a
    D:\WINDOWS\System32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
    2007-12-07 19:34:59 0 d
    D:\Program Files\MAGIX
    2007-12-07 19:34:16 667648 --a
    D:\WINDOWS\System32\mgxoschk.dll <Not Verified; MAGIX AG; mgxoschk>
    2007-12-07 19:34:16 0 d
    D:\WINDOWS\System32\MAGIX


    -- Find3M Report

    Nothing modified in this timespan.


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [12/16/2007 12:30 PM]
    "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
    "NuTCSetupEnviron"="D:\Program Files\Rational\Rational Test\nutcroot\bin\ncoeenv.exe" [04/25/2002 03:13 PM]
    "NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
    "RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
    "KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [08/29/2002 03:41 AM]

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    LaunchU3.exe.lnk - D:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_2cd672ae.exe [8/19/2007 1:23:25 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=D:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    D:\WINDOWS\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    D:\WINDOWS\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    C:\TCWIN45\PIPELINE\remind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "D:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    rundll32 D:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
    D:\Program Files\VVSN\VVSN.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    "D:\Program Files\Save\Save.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    D:\Program Files\Winamp\winampa.exe




    -- End of Deckard's System Scanner: finished at 2007-12-17 08:01:16

    Thank you.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    This should fix your problems

    First, Download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

    To Get rid of NewDotNet, go to:

    Start > Control Panel > Add or Remove Programs and remove the following:

    New.Net Applications or New.Net Domains (anything that says New.Net)

    If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

    In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.



    1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    Backup Your Registry with ERUNT
    • Please use the following link and scroll down to ERUNT and download it.
      http://aumha.org/freeware/freeware.php
    • For version with the Installer:
      Use the setup program to install ERUNT on your computer
    • For the zipped version:
      Unzip all the files into a folder of your choice.
    Click Erunt.exe to backup your registry to the folder of your choice.

    Note: to restore your registry, go to the folder and start ERDNT.exe




    Now we need to fix your problems by making a .reg file. Copy the code below into a Notepad file. Name the file as fix.reg, change the "Save as Type" to "All files" and save it on the desktop.
    Windows Registry Editor Version 5.00
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
    


    Then double-click on the fix.reg file. When it prompts to merge, click "Yes".




    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      D:\Program Files\VVSN
      D:\Program Files\NewDotNet
      D:\Program Files\Save


    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

    Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")

    Click "Exit" to close OTMoveIt.



    Reboot and post a new DSS log and tell me how your PC is running


  • Registered Users, Registered Users 2 Posts: 7,042 ✭✭✭kaizersoze


    Spybot S&D sorted that on a few computers for me.


  • Closed Accounts Posts: 4 !123


    Here is a summary of what I did:

    NewDotNet was not in the Add/Remove list,
    so I followed Procedure 4.

    After that I had no problem connecting to the internet.

    Then we did the scan with HijackThis, but none of the entries you mentioned were there.

    Then I backed up the registry.

    Then I ran the fix.reg file.

    Then I ran OTMoveIt and copy-pasted the files you mentioned,

    but I got a message stating that a log couldn't be created because none of the files could be found:

    "
    File/Folder D:\Program Files\VVSN not found.
    File/Folder D:\Program Files\NewDotNet not found.
    File/Folder D:\Program Files\Save not found.

    Created on 12/18/2007 19:28:22
    "
    In the meantime the monitor was constantly flickering and I couldn't click any of the icons in the system. This got corrected when I rebooted the system.

    And finally, this is the DSS log after reboot:

    "
    Deckard's System Scanner v20071014.68
    Run by Administrator on 2007-12-18 19:40:09
    Computer is in Normal Mode.



    -- HijackThis (run as Administrator.exe)

    Logfile of HijackThis v1.99.1
    Scan saved at 7:40:14 PM, on 12/18/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    D:\Program Files\Messenger\msmsgs.exe
    D:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\system32\slserv.exe
    D:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe
    D:\WINDOWS\System32\nutsrv4.exe
    D:\WINDOWS\slrundll.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\NOTEPAD.EXE
    D:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\HJK\ADMINI~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [NuTCSetupEnviron] D:\Program Files\Rational\Rational Test\nutcroot\bin\ncoeenv.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: LaunchU3.exe.lnk = ?
    O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{722B9FA6-4B2A-4005-A64B-12421C9D9825}: NameServer = 218.248.240.23 218.248.240.135
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: NuTCRACKERService - DataFocus, Inc. - D:\WINDOWS\System32\nutsrv4.exe
    O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Apache Tomcat (Tomcat5) - Unknown owner - D:\Program Files\Apache Software Foundation\Tomcat 5.0\bin\tomcat5.exe" //RS//Tomcat5 (file missing)


    -- Files created between 2007-11-18 and 2007-12-18

    2007-12-18 19:17:50 0 d
    D:\ERDNT
    2007-12-18 19:06:22 0 d--hs---- D:\FOUND.001
    2007-12-16 21:52:05 69 --a
    D:\WINDOWS\System32\i
    2007-12-16 21:50:37 107 --a
    D:\WINDOWS\System32\o
    2007-12-16 10:29:19 0 d
    D:\SmitfraudFix
    2007-12-15 19:40:00 0 d--hs---- D:\FOUND.000
    2007-12-13 07:41:51 0 d
    D:\Program Files\Ingolingo
    2007-12-12 19:14:56 0 d
    D:\Documents and Settings\Administrator\Application Data\CyberLink
    2007-12-12 14:46:41 0 d
    D:\Documents and Settings\All Users\Application Data\CyberLink
    2007-12-12 14:46:24 0 d
    D:\Program Files\CyberLink
    2007-12-12 14:41:37 1703936 --a
    D:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-12-12 14:41:36 1769472 --a
    D:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-12-12 14:39:01 0 d
    D:\Program Files\Common Files\Nero
    2007-12-12 14:38:08 106496 --a
    D:\WINDOWS\System32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
    2007-12-12 14:38:04 471040
    n--- D:\WINDOWS\System32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2007-12-12 14:38:04 262144
    n--- D:\WINDOWS\System32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2007-12-12 14:38:04 1568768
    n--- D:\WINDOWS\System32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
    2007-12-12 14:38:03 155648 --a
    D:\WINDOWS\System32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
    2007-12-12 14:37:59 0 d
    D:\Program Files\Common Files\Ahead
    2007-12-12 14:37:58 0 d
    D:\Program Files\Ahead
    2007-12-12 08:42:49 0 d--hs---- D:\Recycled
    2007-12-07 20:09:10 413696 --a
    D:\WINDOWS\System32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2007-12-07 20:09:10 86016 --a
    D:\WINDOWS\System32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
    2007-12-07 20:09:10 0 d
    D:\Program Files\OpenAL
    2007-12-07 19:58:19 0 d
    D:\Documents and Settings\Administrator\Application Data\Media Player Classic
    2007-12-07 19:56:44 163840 --a
    D:\WINDOWS\System32\unrar.dll
    2007-12-07 19:56:39 217088 --a
    D:\WINDOWS\System32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
    2007-12-07 19:56:39 39936 --a
    D:\WINDOWS\System32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
    2007-12-07 19:56:38 282624 --a
    D:\WINDOWS\System32\xvidvfw.dll
    2007-12-07 19:56:38 1559040 --a
    D:\WINDOWS\System32\xvidcore.dll
    2007-12-07 19:56:38 564224 --a
    D:\WINDOWS\System32\x264vfw.dll
    2007-12-07 19:56:38 630784 --a
    D:\WINDOWS\System32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
    2007-12-07 19:56:38 438272 --a
    D:\WINDOWS\System32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
    2007-12-07 19:56:36 3596288 --a
    D:\WINDOWS\System32\qt-dx331.dll
    2007-12-07 19:56:36 73728 --a
    D:\WINDOWS\System32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-12-07 19:56:35 740442 --a
    D:\WINDOWS\System32\divx.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-07 19:56:34 7680 --a
    D:\WINDOWS\System32\ff_vfw.dll
    2007-12-07 19:56:29 0 d
    D:\Program Files\K-Lite Codec Pack
    2007-12-07 19:56:29 0 d
    D:\Documents and Settings\All Users\Application Data\Real
    2007-12-07 19:56:29 0 d
    D:\Documents and Settings\Administrator\Application Data\Real
    2007-12-07 19:35:58 0 d
    D:\Documents and Settings\All Users\Application Data\MAGIX
    2007-12-07 19:35:23 0 d
    D:\Program Files\Common Files\MAGIX Shared
    2007-12-07 19:34:59 120200 --a
    D:\WINDOWS\System32\DLLDEV32i.dll <Not Verified; ; DLLDEV32i>
    2007-12-07 19:34:59 0 d
    D:\Program Files\MAGIX
    2007-12-07 19:34:16 667648 --a
    D:\WINDOWS\System32\mgxoschk.dll <Not Verified; MAGIX AG; mgxoschk>
    2007-12-07 19:34:16 0 d
    D:\WINDOWS\System32\MAGIX


    -- Find3M Report

    Nothing modified in this timespan.


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [12/16/2007 12:30 PM]
    "Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
    "NuTCSetupEnviron"="D:\Program Files\Rational\Rational Test\nutcroot\bin\ncoeenv.exe" [04/25/2002 03:13 PM]
    "NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
    "RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
    "KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [08/29/2002 03:41 AM]

    D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    LaunchU3.exe.lnk - D:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_2cd672ae.exe [8/19/2007 1:23:25 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr"=1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @="Volume shadow copy"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=D:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=D:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=D:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    D:\WINDOWS\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    D:\WINDOWS\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
    C:\TCWIN45\PIPELINE\remind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "D:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    sm56hlpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    SOUNDMAN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    D:\Program Files\Winamp\winampa.exe




    -- End of Deckard's System Scanner: finished at 2007-12-18 19:40:54

    "
    Thank you.
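
An added example, not part of any post in this thread and not code from Deckard's System Scanner or HijackThis: a Python comparison of two such logs. The second log above has no O7 line, yet its Registry Dump still lists "DisableTaskMgr"=1, so the script diffs the HijackThis entries and reads the Policies\System key from the dump separately. The embedded lines are excerpts copied from the two logs in this thread; the function names are this example's own.

```python
import re

# Excerpt of the first log posted in the thread (2007-12-17).
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O23 - Service: NuTCRACKERService - DataFocus, Inc. - D:\WINDOWS\system32\nutsrv4.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"""

# Excerpt of the second log posted in the thread (2007-12-18).
AFTER = r"""
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: NuTCRACKERService - DataFocus, Inc. - D:\WINDOWS\System32\nutsrv4.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"""

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")       # e.g. "O7 - ..."
KEY_RE = re.compile(r"^\s*\[(HKEY_[^\]]+)\]\s*$")               # e.g. "[HKEY_...]"
VALUE_RE = re.compile(r'^\s*"([^"]+)"=(\d+) \(0x[0-9a-fA-F]+\)\s*$')
POLICY_KEY = r"\currentversion\policies\system"


def hjt_entries(log):
    """Return a set of (section code, lower-cased text) for HijackThis lines."""
    entries = set()
    for line in log.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Lower-casing hides path-case differences between the two scans
            # (system32 vs System32), which are not real changes.
            entries.add((m.group(1), m.group(2).lower()))
    return entries


def policy_values(log):
    """Return {name: int} for values under a Policies/System key in the dump."""
    values, in_policy = {}, False
    for line in log.splitlines():
        key = KEY_RE.match(line)
        if key:
            in_policy = key.group(1).lower().endswith(POLICY_KEY)
            continue
        val = VALUE_RE.match(line)
        if in_policy and val:
            values[val.group(1)] = int(val.group(2))
    return values


def compare(before, after):
    """Diff the HijackThis entries and report the policy values still set."""
    b, a = hjt_entries(before), hjt_entries(after)
    policies = policy_values(after)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "policy_after": policies,
        "taskmgr_still_disabled": policies.get("DisableTaskMgr") == 1,
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for code, text in result["removed"]:
        print("removed:", code, text)
    for code, text in result["added"]:
        print("added:  ", code, text)
    print("DisableTaskMgr still set:", result["taskmgr_still_disabled"])
```
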

