Winotify


Post by deronde62 » January 14th, 2008, 12:23 am

Good evening. To get straight to the point, I opened my Outlook email yesterday and as soon as I did, I received a message that it was sending message 1 of 1. I had not sent an email in over a week. I suspected a problem somewhere. I ran McAfee, which for me, has been great so far. That did not detect anything. I then ran Spybot and that found nothing. I clicked on the tools and then startup in Spybot and noticed several lines such as winotify.dll. I had no idea what that was. I tried to remove it but could not find it. After some searching, I found this site and have attached the hijack log. Whatever assistance you can provide would be greatly appreciated.
I hope I did this right.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:41 AM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AppStream\WindowsClient\Bin\AppMgrGui.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Documents and Settings\David\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AppMgrGui] C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://notesdancl1.pb.com/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9734258265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9830912062
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 6061 bytes
Last edited by silver on January 16th, 2008, 10:41 pm, edited 1 time in total.
Reason: Adjusted font size of HJT log
deronde62
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:12 am

Re: Winotify

Post by silver » January 16th, 2008, 11:04 pm

Hi deronde62,

First, please move HijackThis from the desktop to its own folder:
  • Open My Computer, navigate to C:\ and make a new folder named HJT
  • Move the HijackThis.exe program file from your desktop to C:\HJT
  • If you wish to place a shortcut to HijackThis on your desktop, then right-click hijackthis.exe, select Send To and choose Desktop (create shortcut)


Next, open this page in your browser:
http://www.bleepingcomputer.com/submit- ... channel=32

Please fill in the link to topic field with a link to this topic
Copy/paste this filename into the Browse to the file you want to submit field:
C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
Then press Send File, this will upload the file for analysis


Next press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:
cmd /c dir c:\winotify.dll /a /s >> "%userprofile%\desktop\look.txt"
A black box will open and a file will appear on your Desktop called look.txt.
Please wait until the black box closes before opening look.txt, then post the contents of look.txt in your next response.


Download Deckard's System Scanner (DSS)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <- this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply


Once complete, please post the look.txt output and both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
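
An added example, not part of the original posts and not code from HijackThis: a small Python parser for HijackThis entry lines like those posted above. It groups entries by section code, pulls out the O20 Winlogon Notify DLL (the file requested for upload in the reply above) and lists entries the tool marked as having no file on disk. The sample lines are copied from the log in this thread; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a few entry lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
"""

# An entry line is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# O20 Winlogon Notify body: "Winlogon Notify: <key name> - <full DLL path>".
NOTIFY_RE = re.compile(
    r"^Winlogon Notify: (?P<name>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Markers HijackThis appends when the referenced file is not on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


def parse_hjt(text):
    """Group HijackThis entry lines by section code (R3, O4, O20, ...).

    Header lines and the 'Running processes' list do not match the
    entry pattern and are skipped.
    """
    sections = defaultdict(list)
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return dict(sections)


def winlogon_notify(sections):
    """Return (key name, DLL path) pairs for the O20 Winlogon Notify entries."""
    found = []
    for body in sections.get("O20", []):
        m = NOTIFY_RE.match(body)
        if m:
            found.append((m.group("name"), m.group("path")))
    return found


def missing_files(sections):
    """Return (code, body) for entries whose target file was reported missing."""
    hits = []
    for code, bodies in sections.items():
        for body in bodies:
            if body.rstrip().endswith(MISSING_MARKERS):
                hits.append((code, body))
    return hits


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for name, path in winlogon_notify(parsed):
        print("Winlogon Notify DLL to review:", name, path)
    for code, body in missing_files(parsed):
        print("Entry with no file on disk:", code, body)
```
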

Re: Winotify

Post by deronde62 » January 18th, 2008, 11:55 am

Thanks for your help. Here are the results of the logs.

cmd /c dir c:\winotify.dll /a /s >> "%userprofile%\desktop\look.txt"

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 62%
Physical Memory (total/avail): 1023.29 MiB / 380.08 MiB
Pagefile Memory (total/avail): 2462.05 MiB / 1977.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.04 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 30.75 GiB free.
D: is Fixed (NTFS) - 111.79 GiB total, 32.49 GiB free.
E: is Fixed (NTFS) - 39.07 GiB total, 6.72 GiB free.
F: is Fixed (NTFS) - 34.18 GiB total, 1.35 GiB free.
G: is Fixed (NTFS) - 41.24 GiB total, 8.71 GiB free.
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is Fixed (NTFS) - 39.06 GiB total, 38.72 GiB free.
K: is Fixed (NTFS) - 33.66 GiB total, 33.6 GiB free.
L: is Fixed (DataPlowSFSZ) - 98.28 GiB total, 42.72 GiB free.
M: is Fixed (DataPlowSFSZ) - 71.87 GiB total, 24.49 GiB free.
N: is Fixed (DataPlowSFSZ) - 22.65 GiB total, 7.32 GiB free.
O: is Fixed (DataPlowSFSZ) - 19.99 GiB total, 19.99 GiB free.

\\.\PHYSICALDRIVE1 - Maxtor 6B120M0 - 114.49 GiB - 3 partitions
\PARTITION0 - Extended w/Extended Int 13 - 114.48 GiB - E: - F: - G:

\\.\PHYSICALDRIVE0 - WDC WD1200JD-00HBB0 - 111.79 GiB - 1 partition
\PARTITION0 - Installable File System - 111.79 GiB - D:

\\.\PHYSICALDRIVE2 - WDC WD12 00BB-22CAA0 SCSI Disk Device - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 72.72 GiB - J: - K:

\\.\PHYSICALDRIVE3 - Z-SAN Logical Volume - 100 GiB - 1 partition
\PARTITION0 - Installable File System - 100 GiB - L:

\\.\PHYSICALDRIVE4 - Z-SAN Logical Volume - 75 GiB - 1 partition
\PARTITION0 - Installable File System - 75 GiB - M:

\\.\PHYSICALDRIVE5 - Z-SAN Logical Volume - 19.99 GiB - 1 partition
\PARTITION0 - Installable File System - 19.99 GiB - O:

\\.\PHYSICALDRIVE6 - Z-SAN Logical Volume - 25 GiB - 1 partition
\PARTITION0 - Installable File System - 25 GiB - N:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\David\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=COMPUTERROOM
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\David
LOGONSERVER=\\COMPUTERROOM
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\David\LOCALS~1\Temp
TMP=C:\DOCUME~1\David\LOCALS~1\Temp
USERDOMAIN=COMPUTERROOM
USERNAME=David
USERPROFILE=C:\Documents and Settings\David
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

David (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AppStream Technology Windows Edition Client --> MsiExec.exe /X{46B26804-569B-4355-9678-0DDF6ADCFB0F}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
C-Media High Definition Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\hjt\HijackThis.exe" /uninstall
HP PrecisionScan LTX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" -uninst
Mavis Beacon Teaches Typing Deluxe 17 --> C:\WINDOWS\TLCUninstall.exe -f "C:\AppStreamCache\FltRoot\4022059699\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 17\Uninstall.xml"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
NETGEAR Storage Central Manager Utility --> "C:\Program Files\InstallShield Installation Information\{A3672E1B-021F-4F50-A891-609471CCF941}\setup.exe" -runfromtemp -l0x0009 -removeonly
Print Server Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Print Server\PTP\Uninst.isu"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type392 / Error
Event Submitted/Written: 01/18/2008 02:47:35 AM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3324 (0xcfc)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.13.3.2.116 / 5200.2160
Object being scanned = \Device\HarddiskVolume16\External Hard Drive\misc work doc\MicrosoftOffice2000 (1).EXE
by C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type390 / Error
Event Submitted/Written: 01/17/2008 02:13:24 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OUTLOOK.EXE, version 11.0.5510.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type371 / Warning
Event Submitted/Written: 01/17/2008 03:10:20 AM
Event ID/Source: 1005 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 21 days.

Event Record #/Type303 / Error
Event Submitted/Written: 01/14/2008 02:05:05 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 2924 (0xb6c)

Thread address : 0x7C90EB94

Thread message :

Build VSCORE.13.3.2.116 / 5200.2160
Object being scanned = \Device\HarddiskVolume9\External Hard Drive\misc work doc\MicrosoftOffice2000 (1).EXE
by C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Event Record #/Type284 / Warning
Event Submitted/Written: 01/13/2008 08:01:29 PM
Event ID/Source: 1005 / Windows Product Activation
Event Description:
Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 24 days.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2204 / Error
Event Submitted/Written: 01/18/2008 03:10:19 AM
Event ID/Source: 10010 / DCOM
Event Description:
The server {6A972E27-93E2-4F98-8367-4101B2073814} did not register with DCOM within the required timeout.

Event Record #/Type2168 / Error
Event Submitted/Written: 01/18/2008 02:47:36 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type2167 / Warning
Event Submitted/Written: 01/17/2008 02:22:01 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0011092C770A. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2038 / Warning
Event Submitted/Written: 01/16/2008 11:07:27 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0011092C770A. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type2027 / Warning
Event Submitted/Written: 01/16/2008 04:50:00 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.



-- End of Deckard's System Scanner: finished at 2008-01-18 10:47:20 ------------

Look.txt
Volume in drive C has no label.
Volume Serial Number is D8FE-DA0E

I hope I did everything correctly. Thank you for your time and assistance. It is greatly appreciated.

Dave
deronde62
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:12 am

Re: Winotify

Post by silver » January 18th, 2008, 11:26 pm

Hi deronde62,

Just one thing missing from your post - the main.txt report from DSS.exe. I'll tell you how to find that shortly.

First please do an online scan with Kaspersky:
Open Kaspersky Online Scanner in Internet Explorer
  • Click Accept and the web scanner will begin to load
  • If a yellow warning bar appears at the top of the browser, click it and choose Install ActiveX Control
  • You will be prompted to install an ActiveX component from Kaspersky, click Install
  • If you are prompted about another ActiveX control called Kaspersky Online Scanner GUI part then allow it to be installed also.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.


Then, find the DSS main.txt report as follows:

Press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:
notepad "C:\Deckard\System Scanner\main.txt"
Please copy and paste the contents of the report into your next response.


Once complete, please post the main.txt and the Kaspersky report.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Winotify

Post by deronde62 » January 19th, 2008, 2:36 pm

Here are the reports

Main.txt

cmd /c dir c:\winotify.dll /a /s >> "%userprofile%\desktop\look.txt"

Kaspersky file

This file is extremely large. Should I post it here anyway?

Thank you again for your help.
deronde62
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:12 am

Re: Winotify

Post by silver » January 19th, 2008, 11:21 pm

Hi deronde62,

That main.txt isn't what I'm looking for, please make another one as follows:

  • Make sure DSS.exe is on your Desktop
  • Press Start->Run, copy/paste the following command into the box and press OK:
    "%userprofile%\desktop\dss.exe" /config
  • A configuration box will appear, click the Check All button, and press Scan!

When the scan is complete, a new main.txt and extra.txt should appear, please post the new main.txt in your next response.


If the Kaspersky log is too large to post, you can upload it as follows:
Please open this page in your browser:
http://www.bleepingcomputer.com/submit- ... channel=32

Please fill in the link to topic field with a link to this topic
Press the Browse button, browse to the Kaspersky report file, press Open to select it and then Send File to upload it.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Winotify

Post by deronde62 » January 20th, 2008, 12:09 am

Deckard's System Scanner v20071014.68
Run by David on 2008-01-19 23:02:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as David.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:08 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\WINDOWS\system32\wpabaln.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\David\desktop\dss.exe
C:\hjt\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AppMgrGui] C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://notesdancl1.pb.com/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9734258265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9830912062
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O20 - Winlogon Notify: ASWLNDLL - C:\WINDOWS\SYSTEM32\ASWLNDLL.dll
O23 - Service: McAfee Application Installer Cleanup (0315941200801546) (0315941200801546mcinstcleanup) - McAfee, Inc. - C:\WINDOWS\TEMP\031594~1.EXE
O23 - Service: AWE 5.1.0 Application Manager (AppMgrService) - AppStream Inc. - C:\Program Files\AppStream\WindowsClient\bin\AppMgrService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe

--
End of file - 7191 bytes

-- Files created between 2007-12-19 and 2008-01-19 -----------------------------

2008-01-19 22:58:23 0 d-------- C:\WINDOWS\LastGood
2008-01-19 09:49:14 6432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-19 09:49:14 4359968 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 09:47:09 0 d-------- C:\Program Files\Kaspersky Lab
2008-01-19 09:47:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-19 09:46:43 0 d-------- C:\KAV
2008-01-18 11:00:48 0 dr-h----- C:\Documents and Settings\David\Recent
2008-01-18 10:30:13 0 d-------- C:\HJT
2008-01-14 12:43:12 0 d-------- C:\Documents and Settings\David\Application Data\Grisoft
2008-01-14 12:43:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 18:56:39 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-13 18:56:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-13 18:56:29 0 d-------- C:\Documents and Settings\David\Application Data\SUPERAntiSpyware.com
2008-01-13 09:59:04 0 d-------- C:\WINDOWS\McAfee.com
2008-01-12 16:25:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-09 11:36:32 12800 --a------ C:\WINDOWS\system32\drivers\ZetSFD.sys <Not Verified; Zetera Corporation; Z-SAN Storage Class Filter Driver>
2008-01-09 11:36:31 5120 --a------ C:\WINDOWS\system32\drivers\ZetMPD.sys <Not Verified; Zetera Corporation; Z-SAN SCSI miniport Driver>
2008-01-09 11:36:31 345984 --a------ C:\WINDOWS\system32\drivers\sfsz.sys <Not Verified; DataPlow, Incorporated; DataPlow SAN File System (SFS)>
2008-01-09 11:36:30 163927 --a------ C:\WINDOWS\system32\ZSANCoInst.dll
2008-01-09 11:36:30 15488 --a------ C:\WINDOWS\system32\drivers\ZetBus.sys <Not Verified; Zetera Corporation; Z-SAN Bus Driver>
2008-01-09 11:36:30 0 d-------- C:\Program Files\NETGEAR
2008-01-08 11:34:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Broderbund
2008-01-08 11:33:44 0 d-------- C:\Program Files\AppStream
2008-01-08 11:33:44 0 d-------- C:\AppStreamCache
2008-01-07 19:53:25 0 d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-07 19:53:09 0 d-------- C:\Program Files\EPSON
2008-01-07 18:25:33 0 d-------- C:\Program Files\Common Files\L&H
2008-01-07 18:25:24 0 d-------- C:\Program Files\Microsoft.NET
2008-01-07 18:25:13 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-07 18:24:33 0 d-------- C:\Program Files\Microsoft Works
2008-01-07 18:24:06 0 d-------- C:\WINDOWS\SHELLNEW
2008-01-07 18:16:26 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2008-01-07 18:15:20 0 d-------- C:\Program Files\McAfee.com
2008-01-07 18:15:19 0 d-------- C:\Program Files\Common Files\McAfee
2008-01-07 18:15:10 0 d-------- C:\Program Files\McAfee
2008-01-07 17:33:03 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-07 17:30:12 0 d-------- C:\Documents and Settings\David\Application Data\Macromedia
2008-01-07 17:30:12 0 d-------- C:\Documents and Settings\David\Application Data\Adobe
2008-01-07 17:17:50 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-01-07 17:17:24 0 d-------- C:\WINDOWS\Prefetch
2008-01-07 16:55:19 0 d-------- C:\WINDOWS\peernet
2008-01-07 16:55:18 0 d-------- C:\WINDOWS\provisioning
2008-01-07 16:54:12 0 d-------- C:\WINDOWS\ServicePackFiles
2008-01-07 16:51:11 0 d-------- C:\WINDOWS\EHome
2008-01-07 16:24:46 0 d-------- C:\Program Files\Yahoo!
2008-01-07 16:24:41 0 d-------- C:\Program Files\CCleaner
2008-01-07 16:20:18 0 d-------- C:\Documents and Settings\David\Application Data\Leadertech
2008-01-07 16:02:59 26112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-07 15:49:13 73220 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-01-07 15:49:13 1140 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-01-07 15:49:13 1130 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-01-07 15:49:13 1137 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-01-07 15:49:13 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-01-07 15:49:13 1130 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-01-07 15:49:13 1140 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-01-07 15:49:13 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-01-07 15:49:13 15670 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-01-07 15:49:13 10673 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-01-07 15:49:13 21021 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-01-07 15:49:13 13280 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-01-07 15:49:13 31053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-01-07 15:49:13 27417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-01-07 15:49:12 29114 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-01-07 15:49:10 0 d-------- C:\Documents and Settings\David\Application Data\InstallShield
2008-01-07 15:42:20 49152 --a------ C:\WINDOWS\system32\PRTSERV.dll
2008-01-07 15:42:20 0 d-------- C:\Program Files\Print Server
2008-01-07 15:03:10 0 d-------- C:\WINDOWS\system32\PreInstall
2008-01-07 15:03:08 0 d--h----- C:\WINDOWS\$hf_mig$
2008-01-07 15:02:53 0 d-------- C:\WINDOWS\system32\bits
2008-01-07 14:31:29 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-01-07 14:30:55 0 d--hs---- C:\Documents and Settings\David\UserData
2008-01-07 14:30:27 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-01-07 14:26:48 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-01-07 14:26:47 111104 --a------ C:\WINDOWS\system32\lfpng70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:47 32768 --a------ C:\WINDOWS\system32\hpsj32.dll <Not Verified; Hewlett-Packard Company; HP ScanJet Scanners>
2008-01-07 14:26:47 32768 --a------ C:\WINDOWS\system32\hpgreg32.dll <Not Verified; Hewlett-Packard, GHC; Hewlett-Packard, GHC hpgreg32>
2008-01-07 14:26:46 350208 --a------ C:\WINDOWS\system32\ltkrn70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 55296 --a------ C:\WINDOWS\system32\ltfil70n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 93184 --a------ C:\WINDOWS\system32\lftif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 24576 --a------ C:\WINDOWS\system32\lfpcx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 95232 --a------ C:\WINDOWS\system32\Lfkodak.dll
2008-01-07 14:26:46 32768 --a------ C:\WINDOWS\system32\lfgif70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 35328 --a------ C:\WINDOWS\system32\lffpx70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 306688 --a------ C:\WINDOWS\system32\Lffpx7.dll <Not Verified; ; Reference Implementation>
2008-01-07 14:26:46 55808 --a------ C:\WINDOWS\system32\lffax70n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 224768 --a------ C:\WINDOWS\system32\LFCMP70n.DLL <Not Verified; LEAD Technologies, Inc.; LEADTOOLS® DLL for Win32>
2008-01-07 14:26:46 667648 --a------ C:\WINDOWS\system32\ipeistor12.dll <Not Verified; Hewlett-Packard Company; IPEISTOR Dynamic Link Library>
2008-01-07 14:26:46 331776 --a------ C:\WINDOWS\system32\ipebase12.dll <Not Verified; Hewlett-Packard Company; IPEBASE Dynamic Link Library>
2008-01-07 14:26:46 77824 --a------ C:\WINDOWS\system32\ipeapi12.dll <Not Verified; Hewlett-Packard Company; IPEAPI Dynamic Link Library>
2008-01-07 14:26:18 0 d-------- C:\Program Files\Hewlett-Packard
2008-01-07 14:26:10 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-01-07 14:20:37 0 d-------- C:\Program Files\Intel
2008-01-07 14:19:32 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-07 14:19:24 0 d-------- C:\Program Files\Common Files\InstallShield
2008-01-07 14:16:41 712704 -ra------ C:\WINDOWS\system32\Audio3D.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-01-07 14:16:41 296 -ra------ C:\WINDOWS\Speaker.bin
2008-01-07 14:16:41 472 -ra------ C:\WINDOWS\Microphone.bin
2008-01-07 14:16:41 256 -ra------ C:\WINDOWS\LineIn.bin
2008-01-07 14:16:41 200 -ra------ C:\WINDOWS\Headphone.bin
2008-01-07 14:16:40 712704 -ra------ C:\WINDOWS\system32\a3d.dll <Not Verified; Sensaura Ltd; Sensaura>
2008-01-07 14:16:37 53248 -ra------ C:\WINDOWS\system32\cmudax.dll <Not Verified; C-Media; C-Media cmuda.dll>
2008-01-07 14:16:37 917504 -ra------ C:\WINDOWS\system\cmids3d.dll <Not Verified; C-Media Electronics Inc.; C-Media Cmids3d>
2008-01-07 14:16:36 16384 -ra------ C:\WINDOWS\system32\udaprop.dll <Not Verified; C-Media Corporation; CMI8738/CMI9738/CMI9739 Audio Device>
2008-01-07 14:16:36 1128320 -ra------ C:\WINDOWS\system32\drivers\cmudax.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
2008-01-07 14:16:36 233472 -ra------ C:\WINDOWS\system32\cmirmdrv.exe <Not Verified; ; CmiRemoveDriver Application>
2008-01-07 14:16:36 28672 -ra------ C:\WINDOWS\system32\cmirmdrv.dll
2008-01-07 14:16:34 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-01-07 01:00:36 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-01-07 00:58:10 0 d--hs---- C:\WINDOWS\Installer
2008-01-07 00:58:07 0 d-------- C:\Documents and Settings\David\Application Data\Identities
2008-01-07 00:57:57 0 d--h----- C:\Documents and Settings\David\Templates
2008-01-07 00:57:57 0 dr------- C:\Documents and Settings\David\Start Menu
2008-01-07 00:57:57 0 dr-h----- C:\Documents and Settings\David\SendTo
2008-01-07 00:57:57 0 d--h----- C:\Documents and Settings\David\PrintHood
2008-01-07 00:57:57 2883584 --ah----- C:\Documents and Settings\David\NTUSER.DAT
2008-01-07 00:57:57 0 d--h----- C:\Documents and Settings\David\NetHood
2008-01-07 00:57:57 0 dr------- C:\Documents and Settings\David\My Documents
2008-01-07 00:57:57 0 d--h----- C:\Documents and Settings\David\Local Settings
2008-01-07 00:57:57 0 dr------- C:\Documents and Settings\David\Favorites
2008-01-07 00:57:57 0 d-------- C:\Documents and Settings\David\Desktop
2008-01-07 00:57:57 0 d--hs---- C:\Documents and Settings\David\Cookies
2008-01-07 00:57:57 0 dr-h----- C:\Documents and Settings\David\Application Data
2008-01-07 00:56:12 0 d--hs---- C:\System Volume Information
2008-01-07 00:56:10 1572864 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-01-07 00:56:10 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-01-07 00:56:10 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-01-07 00:56:10 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-01-07 00:56:10 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-01-07 00:56:10 1572864 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-01-07 00:56:10 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-01-07 00:56:10 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-01-07 00:56:10 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-01-07 00:56:10 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-01-07 00:53:55 0 d-------- C:\WINDOWS\system32\xircom
2008-01-07 00:53:55 0 d-------- C:\Program Files\microsoft frontpage
2008-01-07 00:53:53 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-01-07 00:53:51 0 -rahs---- C:\MSDOS.SYS
2008-01-07 00:53:51 0 -rahs---- C:\IO.SYS
2008-01-07 00:53:51 0 --a------ C:\CONFIG.SYS
2008-01-07 00:53:51 0 --a------ C:\AUTOEXEC.BAT
2008-01-07 00:53:14 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-01-07 00:53:06 0 dr------- C:\WINDOWS\Offline Web Pages
2008-01-07 00:53:06 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-01-07 00:52:46 0 d-------- C:\WINDOWS\system32\DirectX
2008-01-07 00:52:11 0 d---s---- C:\WINDOWS\Tasks
2008-01-07 00:52:09 0 d-------- C:\Program Files\Common Files\MSSoap
2008-01-07 00:52:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-01-07 00:52:05 0 d-------- C:\WINDOWS\srchasst
2008-01-07 00:52:04 0 d-------- C:\Program Files\Movie Maker
2008-01-07 00:52:00 0 d-------- C:\WINDOWS\system32\Restore
2008-01-07 00:52:00 0 d-------- C:\WINDOWS\PCHealth
2008-01-07 00:51:51 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-07 00:51:48 0 d-------- C:\WINDOWS\Registration
2008-01-07 00:51:32 0 d--h----- C:\Program Files\WindowsUpdate
2008-01-07 00:51:32 0 d-------- C:\Program Files\Online Services
2008-01-07 00:51:30 0 d-------- C:\Program Files\Messenger
2008-01-07 00:51:26 0 d-------- C:\Program Files\MSN Gaming Zone
2008-01-07 00:50:58 0 d-------- C:\Program Files\Windows NT
2008-01-07 00:50:55 0 d-------- C:\WINDOWS\system32\MsDtc
2008-01-07 00:50:55 0 d-------- C:\WINDOWS\system32\Com
2008-01-06 19:46:24 0 d-------- C:\Program Files\Common Files\ODBC
2008-01-06 19:46:21 0 dr------- C:\Program Files
2008-01-06 19:46:21 0 d-------- C:\Program Files\Common Files
2008-01-06 19:46:21 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-01-06 19:46:00 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-01-06 19:46:00 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-01-06 19:46:00 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-01-06 19:46:00 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-01-06 19:46:00 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-01-06 19:46:00 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-01-06 19:46:00 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-01-06 19:46:00 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-01-06 19:46:00 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-01-06 19:46:00 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-01-06 19:46:00 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-01-06 19:46:00 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-01-06 19:46:00 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-01-06 19:46:00 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-01-06 19:46:00 0 dr------- C:\Documents and Settings\All Users\Documents
2008-01-06 19:46:00 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-01-06 19:45:50 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-01-06 19:45:50 0 d-------- C:\WINDOWS\system32\CatRoot
2008-01-06 19:45:44 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-01-06 19:45:44 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-01-06 19:45:44 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-01-06 19:45:44 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-01-06 19:45:23 0 d-------- C:\Documents and Settings
2008-01-06 19:41:16 0 d-------- C:\WINDOWS\OemDir
2008-01-06 19:41:14 0 d-------- C:\WINDOWS
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\WinSxS
2008-01-06 19:41:14 0 dr------- C:\WINDOWS\Web
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\twain_32
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\wins
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\wbem
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\usmt
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\spool
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\ShellExt
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\Setup
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\ras
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\oobe
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\npp
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\mui
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\inetsrv
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\IME
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\icsxml
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\ias
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\export
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\drivers
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-01-06 19:41:14 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\dhcp
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\config
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\3076
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\2052
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1054
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1042
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1041
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1037
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1033
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1031
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1028
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system32\1025
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\system
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\security
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Resources
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\repair
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\mui
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\msapps
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\msagent
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Media
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\java
2008-01-06 19:41:14 0 d--h----- C:\WINDOWS\inf
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\ime
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Help
2008-01-06 19:41:14 0 dr--s---- C:\WINDOWS\Fonts
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Driver Cache
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Debug
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Cursors
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Connection Wizard
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\Config
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\AppPatch
2008-01-06 19:41:14 0 d-------- C:\WINDOWS\addins


-- Find3M Report ---------------------------------------------------------------

2008-01-06 19:46:00 62 --ahs---- C:\Documents and Settings\David\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 04:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"Cmaudio"="cmicnfg.cpl" []
"AppMgrGui"="C:\Program Files\AppStream\WindowsClient\bin\exeForService.exe" [09/27/2006 07:49 PM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe" [11/19/2007 02:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ASWLNDLL]
ASWLNDLL.dll 05/13/2007 09:45 PM 6656 C:\WINDOWS\system32\ASWLNDLL.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.EXE" /background
"EPSON Stylus Photo 1400 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE /FU "C:\WINDOWS\TEMP\E_S485.tmp" /EF "HKCU"




-- End of Deckard's System Scanner: finished at 2008-01-19 23:03:13 ------------
deronde62
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:12 am

Re: Winotify

by silver » January 20th, 2008, 12:41 am

Hi deronde62,

Your DSS log looks good :)

It appears that you have installed Kaspersky SOS. Please do not use this program to make the Kaspersky report which I have asked for. Instead, use the instructions and link I have posted and use the online scanner to make a log.

Please post the log when you are ready, or upload it if it is too large.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Winotify

by deronde62 » January 20th, 2008, 1:51 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 20, 2008 12:48:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/01/2008
Kaspersky Anti-Virus database records: 524777
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
O:\

Scan Statistics:
Total number of scanned objects: 199690
Number of viruses found: 14
Number of infected objects: 30
Number of suspicious objects: 0
Duration of the scan process: 03:44:25

Infected Object Name / Virus Name / Last Action
C:\AppStreamCache\Logs\KMLog_APPSTREAM3.log Object is locked skipped
C:\AppStreamCache\Logs\KMLog_RegHook1.log Object is locked skipped
C:\AppStreamCache\Logs\KMLog_Vspd1.log Object is locked skipped
C:\AppStreamCache\Logs\MgrLog.nam Object is locked skipped
C:\AppStreamCache\Logs\MgrLog33.txt Object is locked skipped
C:\AppStreamCache\VOFDT\0-0.bin Object is locked skipped
C:\AppStreamCache\VOFDT\AppsBlockDB.bin Object is locked skipped
C:\AppStreamCache\VOFDT\AppsBlockDBIndex.bin Object is locked skipped
C:\AppStreamCache\VOFDT\EFBBC2B3-1.bin Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\David\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\David\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\David\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David\Local Settings\History\History.IE5\MSHist012008012020080121\index.dat Object is locked skipped
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\David\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\David\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Log.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{1F56009B-87A4-4E6B-AD64-7A83A00435F6}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\Z-SANService.log Object is locked skipped
C:\WINDOWS\Temp\mcafee_aE4Pzw3y0f3ox8u Object is locked skipped
C:\WINDOWS\Temp\mcmsc_aRShBsITf1qAFS7 Object is locked skipped
C:\WINDOWS\Temp\mcmsc_DQfhPTTDTwbdctG Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7bc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001353.exe/WISE0010.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
D:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001353.exe WiseSFX: infected - 1 skipped
D:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001353.exe WiseSFXDropper: infected - 1 skipped
D:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP6\change.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP6\change.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP6\change.log Object is locked skipped
G:\Old Drve\David\My Documents\SmileyCentralPFSetup2.2.60.11-2.ZNfox000.exe/mwsSetup.CommonCodebase.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bc skipped
G:\Old Drve\David\My Documents\SmileyCentralPFSetup2.2.60.11-2.ZNfox000.exe CAB: infected - 1 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001406.exe/data0011/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001406.exe/data0011/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001406.exe/data0011 Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001406.exe/data0013 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001406.exe/data0014/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001406.exe/data0014/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001406.exe/data0014/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001406.exe/data0014 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001406.exe/data0019 Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001406.exe Inno: infected - 9 skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0015.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0015.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0016.BIN/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0016.BIN/v2.0.4a.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0016.BIN/v2.0.4a.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0016.BIN/v2.0.4a.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0016.BIN/v2.0.4a.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0017.BIN/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0017.BIN/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.e skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0017.BIN/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.BargainBuddy.h skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.EZula.o skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe WiseSFX: infected - 14 skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP6\change.log Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP6\change.log Object is locked skipped
K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
K:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP6\change.log Object is locked skipped

Scan process completed.
deronde62
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:12 am

Re: Winotify

Unread postby silver » January 20th, 2008, 9:25 pm

Hi deronde62,

Please use Windows Explorer (right-click Start, select Explore) to find and delete the following file:
G:\Old Drve\David\My Documents\SmileyCentralPFSetup2.2.60.11-2.ZNfox000.exe



We still have some infected restore points to clean, but otherwise your machine appears to be clean.
How is your machine running now and have you had any more unusual events in Outlook?
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7
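The reply above separates a file to delete by hand from detections that sit only inside System Restore points. As an added example (not part of the original thread and not a Kaspersky or MalwareRemoval tool), this Python script makes the same split over report lines like the ones posted. The line formats are inferred from the report on this page, the `C:\Example` line is constructed, and all function and variable names are assumptions.

```python
import re
from collections import defaultdict

# Report lines: the three G: lines are copied from the scan report above;
# the C:\Example line is constructed for illustration.
SAMPLE_REPORT = r"""
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.EZula.o skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP4\A0001407.exe WiseSFX: infected - 14 skipped
G:\System Volume Information\_restore{39086ED8-A724-4AA3-B0E7-012BB485BCF4}\RP6\change.log Object is locked skipped
C:\Example\setup.exe/data0001 Infected: not-a-virus:AdWare.Win32.Example.a skipped
"""

# "<object> Infected: <verdict> <action>"; the object path may contain spaces.
INFECTED = re.compile(r"^(?P<obj>.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
# "<archive> <Packer>: infected - <count> <action>" is a per-archive summary line.
SUMMARY = re.compile(r"^(?P<obj>.+?) \w+: infected - \d+ \w+$")
LOCKED = re.compile(r"^(?P<obj>.+?) Object is locked \w+$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\", re.I)


def triage(report: str) -> dict:
    """Group detections by on-disk container and split them by location."""
    result = {"restore_point": defaultdict(set), "live": defaultdict(set), "locked": []}
    for line in report.splitlines():
        line = line.strip()
        if not line or SUMMARY.match(line):
            continue  # summaries repeat what the member lines already say
        if (m := LOCKED.match(line)):
            result["locked"].append(m["obj"])  # not scanned, so not a detection
            continue
        if (m := INFECTED.match(line)):
            # Members of an installer/archive follow the file path after "/".
            container = m["obj"].split("/", 1)[0]
            bucket = "restore_point" if RESTORE.search(container) else "live"
            result[bucket][container].add(m["verdict"])
    return result


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for bucket in ("live", "restore_point"):
        for path, verdicts in summary[bucket].items():
            print(f"[{bucket}] {path}: {', '.join(sorted(verdicts))}")
    print(f"locked (not scanned): {len(summary['locked'])}")
```

Entries in the `live` bucket are files to remove directly; `restore_point` entries go away when the old restore points are purged, and `locked` entries were never scanned.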

Re: Winotify

Unread postby deronde62 » January 20th, 2008, 11:06 pm

I deleted the file with no problem. I still have a problem with Outlook, but it might be something in the program itself. When I first open Outlook, it takes a while to open the first email message. But the second, third, etc. open normally. The remainder of the PC appears to be running OK.

I read the Kaspersky report and attempted to delete some of the restore files on the G drive. I did not have much luck. I kept receiving a message that access was denied.

One question, I have McAfee Security Suite (free with my Comcast subscription). Over the past three days, I must have received 10 updates from them, and then the prompt to restart the computer after each update. Are these actual updates from McAfee or could this be a virus? I have had McAfee for well over a year and never had this many updates in this short period of time.

In appreciation for your services, I will be making a donation to this site. Your time and effort, as well as your excellent advice is greatly appreciated.

Dave
deronde62
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:12 am

Re: Winotify

Unread postby silver » January 20th, 2008, 11:41 pm

Hi deronde62,

Re Outlook:
I'm no Outlook expert, but do you have it set to use Word as your email editor? If so it could be slow loading the first email because it needs to load the Word editing engine into memory - in this case a delay opening the first email would be normal. If you would like further assistance with this then I'd recommend posting on a PC troubleshooting site like PC Pitstop which specializes in this type of issue.

Re malware in System Restore
Yes, don't worry we'll take care of those shortly.

Re McAfee Updates:
I don't think there is a problem with McAfee, and it would be extremely unlikely to be related to malware. Check the Event History or Log for communication/update errors but if there are no problems listed then it's probably working fine. If you wish to follow it up further I'd suggest contacting McAfee/Comcast customer support about the issue.

"In appreciation for your services, I will be making a donation to this site. Your time and effort, as well as your excellent advice is greatly appreciated."
You're most welcome and on behalf of the site thank you very much for the donation - it is much appreciated :)

Some important final steps:

You can now delete dss.exe from your Desktop, also delete this folder:
C:\Deckard


Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and press OK
Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm


Here are some tips to help you keep your computer clean:

Operating system vulnerabilities can easily be exploited by malware so please ensure your operating system is automatically kept up to date by using Windows Update:
Go to Start->Control Panel->Automatic Updates
Select Automatic and select a suitable schedule
Also, check that your antivirus and antispyware programs are set to automatically update daily.

Spywareblaster is a free program which prevents the download and installation of Internet Explorer ActiveX based malware by immunizing your system against it. You can download Spywareblaster from here and a tutorial to help you get started is available here.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malwareremoval.com/viewtopic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Re: Winotify

Unread postby deronde62 » January 21st, 2008, 1:50 am

Again, thank you for all your help. I always had success with McAfee and Spybot, or at least I thought I did. I will use the programs you suggested and hopefully stay virus free.

Thanks again.

Dave
deronde62
Active Member
 
Posts: 8
Joined: January 14th, 2008, 12:12 am

Re: Winotify

Unread postby silver » January 21st, 2008, 2:25 am

You're very welcome and best of luck!



This topic is now closed. If you wish it reopened, please send an email to 'admin at malwareremoval.com' with a link to your thread.

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

You can help support this site from this link :
Donations For Malware Removal
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7