Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Getting WinDV.exe Error on Boot

  • 28-08-2007 5:41am
    #1
    All2
    Closed Accounts Posts: 1


    When I boot my computer I get a "missing windv.exe" error. My virus scanner also pops up with "trojan downloader viruses." I downloaded hijackthis and saved my log.

    I have no idea what i am looking at. My computer will eventually freeze up and i will need to reboot. No matter what i do with these "trojan downloader's" they always pop back up upon reboot.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:29:56 PM, on 8/27/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Shaw Secure\Common\FSM32.EXE
    C:\WINDOWS\System32\nrksn.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\help.exe
    C:\WINDOWS\System32\NSecurity.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\Shaw Secure\Common\FSMB32.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Shaw Secure\Common\FCH32.EXE
    C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
    C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
    C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
    C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
    C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
    C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\nrksn.exe
    O4 - HKLM\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
    O4 - HKLM\..\Run: [MSDNN] C:\WINDOWS\help.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
    O4 - HKCU\..\Run: [MSDNN] C:\WINDOWS\help.exe
    O4 - HKUS\S-1-5-18\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe (User 'Default user')
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe (file missing)

    --
    End of file - 4876 bytes


Comments

  • #2
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You have quite a few nasty infections, do this

    Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log



    Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.

    @echo off
sc stop "Windows Drivers Version"
sc delete "Windows Drivers Version"
exit


    Click on 'File' then 'Save As'
    In the Save in drop down box select Desktop
    In the File name box type in FixService.bat
    In the Save as type drop down box select All Files
    Close Notepad.

    Now, find FixService.bat on your Desktop and Double click it
    A window will open and close, do not be concerned this is normal.



    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\nrksn.exe
    O4 - HKLM\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
    O4 - HKLM\..\Run: [MSDNN] C:\WINDOWS\help.exe
    O4 - HKCU\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
    O4 - HKCU\..\Run: [MSDNN] C:\WINDOWS\help.exe
    O4 - HKUS\S-1-5-18\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe (User 'Default user')
    O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe (file missing)


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\System32\iexplore.exe
      C:\WINDOWS\System32\nrksn.exe
      C:\WINDOWS\System32\NSecurity.exe
      C:\WINDOWS\help.exe
      C:\WINDOWS\WinDV.exe

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

    Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")

    Click "Exit" to close OTMoveIt.



    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



    So in your next reply I need to see the following : the SDFix report, the OTMoveIt results, the two DSS texts in full, and tell me how your PC is running now and if you had any problems.


  • #3
    trip_3c
    Closed Accounts Posts: 4 trip_3c


    Well even I encountered the same problem. A windv.exe used to get popped up during startup
    and my system used to get restarted after a while(2-3 min).
    After following the above steps I was able to eradicate the windv.exe problem but the
    restarting of my system continues.
    When the system gets restarted a window explorer error pops up(Windows Explorer encountered
    a problem and needs to ) with the following details:
    AppName-explorer.exe
    AppVer-6.0.2800.1106
    ModName-advapi32.dll
    ModVer-5.1.2600.1106
    Offset-00000426



    The reports are as follows:
    SDFix report

    SDFix: Version 1.100

    Run by CB SINGH on Wed 08/29/2007 at 08:22 PM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    ntio256
    runtime

    ImagePath:
    \??\C:\WINDOWS\System32\ntio256.sys
    \??\C:\WINDOWS\System32\drivers\runtime.sys

    ntio256 - Deleted
    runtime - Deleted


    C:\WINDOWS\system32\Microsoft\backup.ftp Found
    C:\WINDOWS\system32\Microsoft\backup.tftp Found

    Checking files:

    Genuine:
    C:\WINDOWS\system32\Microsoft\backup.ftp
    C:\WINDOWS\system32\Microsoft\backup.tftp

    Dummy:
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\tftp.exe
    C:\WINDOWS\system32\dllcache\ftp.exe
    C:\WINDOWS\system32\dllcache\tftp.exe

    Files copied to SDFix\Backups

    Restoring files if backups are found

    Final Check:

    Genuine:
    C:\WINDOWS\system32\Microsoft\backup.ftp
    C:\WINDOWS\system32\Microsoft\backup.tftp
    C:\WINDOWS\system32\ftp.exe
    C:\WINDOWS\system32\tftp.exe
    C:\WINDOWS\system32\dllcache\ftp.exe
    C:\WINDOWS\system32\dllcache\tftp.exe

    Dummy:



    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Service runtime2 - Deleted after Reboot

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted
    C:\413728~1 - Deleted
    C:\Documents and Settings\CB SINGH\Start Menu\Programs\Startup\MSWin--393324980.exe -

    Deleted
    C:\Program Files\Common Files\delsim\del.exe - Deleted
    C:\d.exe - Deleted
    C:\wintemp.log - Deleted
    C:\WINDOWS\avp.exe - Deleted
    C:\WINDOWS\mgrs.exe - Deleted
    C:\WINDOWS\system32\6_exception.nls - Deleted
    C:\WINDOWS\system32\Kernel32.exe - Deleted
    C:\WINDOWS\system32\kr_done1 - Deleted
    C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
    C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
    C:\WINDOWS\system32\ntio256.sys - Deleted
    C:\WINDOWS\system32\protector.exe - Deleted
    C:\WINDOWS\Temp\startdrv.exe - Deleted
    C:\WINDOWS\system32\drivers\runtime2.sys - Deleted


    Folder C:\Program Files\Common Files\delsim - Removed

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    Remaining Services:



    Authorized Application Key Export:

    Remaining Files:

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    C:\WINDOWS\SoftwareDistribution\Download\0091ab299e899a5920ad91739ad99c67\BIT1C.tmp
    C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\BITA.tmp
    C:\WINDOWS\SoftwareDistribution\Download\05dc5f0b39a115d1962503e7297cdba7\BITD.tmp
    C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\BIT40.tmp
    C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BITE.tmp
    C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\BIT34.tmp
    C:\WINDOWS\SoftwareDistribution\Download\1230492412c0d92c55a03b0de671f167\BIT9.tmp
    C:\WINDOWS\SoftwareDistribution\Download\15c0ab260081ce840e2b252751d01b80\BIT30.tmp
    C:\WINDOWS\SoftwareDistribution\Download\1d8773e3b9bba05290b442f31de09a2e\BIT15.tmp
    C:\WINDOWS\SoftwareDistribution\Download\1e0d5826a4592cc6d08a9c51de1deab1\BIT17.tmp
    C:\WINDOWS\SoftwareDistribution\Download\1fb659e25c21839251d560da33cbcfad\BIT31.tmp
    C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\BIT22.tmp
    C:\WINDOWS\SoftwareDistribution\Download\2d7809720343ee9223ce4d88d99bf3c2\BIT25.tmp
    C:\WINDOWS\SoftwareDistribution\Download\32cc777251e695000c46eaf909a80b37\BIT12.tmp
    C:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\BIT1F.tmp
    C:\WINDOWS\SoftwareDistribution\Download\33dda7a9fdd16ad3949443f62d248f25\BIT2C.tmp
    C:\WINDOWS\SoftwareDistribution\Download\3becf78026ee8bb0c18f61c3d3645cb6\BITC.tmp
    C:\WINDOWS\SoftwareDistribution\Download\4596f4b9d8a4b5253ee760a58a45bcfb\BIT2D.tmp
    C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\BIT35.tmp
    C:\WINDOWS\SoftwareDistribution\Download\4a882309d56e564894505aaa60eac9b1\BIT24.tmp
    C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\BIT39.tmp
    C:\WINDOWS\SoftwareDistribution\Download\4cc8107fde988bba1481bb736cc96c29\BIT33.tmp
    C:\WINDOWS\SoftwareDistribution\Download\512e19b377bd5d52a1e190ecbd7a83eb\BIT1B.tmp
    C:\WINDOWS\SoftwareDistribution\Download\52b72a8354f3c8a72b1aee0b2a11d368\BIT20.tmp
    C:\WINDOWS\SoftwareDistribution\Download\52d0bad96d671744fec5c77caa4cdf4d\BITB.tmp
    C:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\BIT3C.tmp
    C:\WINDOWS\SoftwareDistribution\Download\587d85e782ae94381c309d8add64e1a0\BIT11.tmp
    C:\WINDOWS\SoftwareDistribution\Download\65cd5bd54188e653414d6e2035b6edfb\BIT2E.tmp
    C:\WINDOWS\SoftwareDistribution\Download\694301dbfd149d8645046cbc0b1067e8\BIT13.tmp
    C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\BIT41.tmp
    C:\WINDOWS\SoftwareDistribution\Download\71c02bde984543df4e0eb833332b8a16\BIT7.tmp
    C:\WINDOWS\SoftwareDistribution\Download\791153f24e30cff9e2b19e146f3029a9\BIT1E.tmp
    C:\WINDOWS\SoftwareDistribution\Download\7b94d041c29d0b8d724c97ae0005e71b\BIT1D.tmp
    C:\WINDOWS\SoftwareDistribution\Download\837a8691e43011f909e4b3e192fe1437\BIT36.tmp
    C:\WINDOWS\SoftwareDistribution\Download\85fabe342f5808f4164862c06168055d\BIT16.tmp
    C:\WINDOWS\SoftwareDistribution\Download\8aba0967f899f346d112e436c1f1b5c7\BIT23.tmp
    C:\WINDOWS\SoftwareDistribution\Download\8b20f1a9610d239c2680847de8fa139a\BIT3A.tmp
    C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\BIT8.tmp
    C:\WINDOWS\SoftwareDistribution\Download\a099dfb7d5d88247579330743c8014f3\BIT29.tmp
    C:\WINDOWS\SoftwareDistribution\Download\a1958c12079db3dbba3db562fc08c81b\BIT3D.tmp
    C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\BIT10.tmp
    C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\BIT3F.tmp
    C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\BITF.tmp
    C:\WINDOWS\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\BIT14.tmp
    C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\BIT43.tmp
    C:\WINDOWS\SoftwareDistribution\Download\c9cdbfcd49200c55d94bb81819c80f2b\BIT26.tmp
    C:\WINDOWS\SoftwareDistribution\Download\cddbefa165dabeb577b6952c247eddf9\BIT21.tmp
    C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\BIT37.tmp
    C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\BIT3E.tmp
    C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\BIT2B.tmp
    C:\WINDOWS\SoftwareDistribution\Download\d4c8781e1d18b4040768e6b1e10d77cf\BIT1A.tmp
    C:\WINDOWS\SoftwareDistribution\Download\da70638ee8e6f6c7eff37e755cd6f449\BIT18.tmp
    C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\BIT38.tmp
    C:\WINDOWS\SoftwareDistribution\Download\edc9e523d8678897d85b5ee0ef1bbf7a\BIT42.tmp
    C:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\BIT2F.tmp
    C:\WINDOWS\SoftwareDistribution\Download\f934b30a3337b488590ef3c1f3bbfd68\BIT2A.tmp
    C:\WINDOWS\SoftwareDistribution\Download\f941c900a413f153861a4032214a1aec\BIT19.tmp
    C:\WINDOWS\SoftwareDistribution\Download\fa53e640686f7f15b5ee3f532304b804\BIT28.tmp

    Finished
    =======================================

    OTMoveIt report
    File/Folder C:\WINDOWS\System32\iexplore.exe not found.
    File/Folder C:\WINDOWS\System32\nrksn.exe not found.
    File/Folder C:\WINDOWS\System32\NSecurity.exe not found.
    File/Folder C:\WINDOWS\help.exe not found.
    File/Folder C:\WINDOWS\WinDV.exe not found.

    Created on 08/29/2007 20:39:28

    ==========================================

    DSS texts(main.txt)
    Deckard's System Scanner v20070826.66
    Run by CB SINGH on 2007-08-29 20:52:38
    Computer is in Normal Mode.

    -- System Restore



    -- Last 5 Restore Point(s) --
    17: 2007-08-29 15:12:50 UTC - RP17 - Deckard's System Scanner Restore Point
    16: 2007-08-28 17:20:39 UTC - RP16 - Installed Windows XP KB898461.
    15: 2007-08-28 17:20:14 UTC - RP15 - Installed Windows Installer KB893803v2.
    14: 2007-08-28 17:17:53 UTC - RP14 - Installed Windows XP KB842773.
    13: 2007-08-28 17:17:40 UTC - RP13 - Software Distribution Service 3.0


    -- First Restore Point --
    1: 2007-08-23 16:14:21 UTC - RP1 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 247 MiB (512 MiB recommended).


    -- HijackThis (run as CB SINGH.exe)

    Unable to find log (file not found); running clone.
    -- HijackThis Clone

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-08-29 20:57:30
    Platform: Windows XP Service Pack 1 (5.01.2600)
    MSIE: Internet Explorer (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
    C:\Program Files\HHVcdV5Sys\VC5SecS.exe
    C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
    C:\Program Files\McAfee\McAfee VirusScan\vshwin32.exe
    C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\SoftwareDistribution\Download\a4a9ccd1806461c53ce89bdd6f4591bf\update\update.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\CB SINGH\Desktop\dss.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\CB SINGH.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

    Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer -

    {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program

    Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

    C:\WINDOWS\system32\msdxm.ocx
    O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program

    Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
    O4 - HKEY_LOCAL_MACHINE\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKEY_LOCAL_MACHINE\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared

    Components\Guardian\CMGrdian.exe" /SU
    O4 - HKEY_LOCAL_MACHINE\..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\Program Files\Common

    Files\Ahead\Lib\NeroCheck.exe
    O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common

    Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKEY_LOCAL_MACHINE\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared

    Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - Startup: MSWin-262856538.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

    Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

    C:\WINDOWS\Web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

    C:\WINDOWS\Web\related.htm
    O16 - DPF: {10003000-1000-0000-1000-000000000000} () -

    ms-its:mhtml:file://C:\\foo.mht!http://85.255.118.43/data/on.chm::/on.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

    Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

    http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1

    188322138718
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{07B9B5FD-D792-452D-9F38-831953D3D316}: NameServer =

    85.255.114.20,85.255.112.175
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6F850F1-2F19-4E4A-BCFF-E804F83DB6FF}: NameServer =

    85.255.114.20,85.255.112.175
    O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
    O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common

    Files\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program

    Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - "C:\Program

    Files\McAfee\McAfee VirusScan\Avsynmgr.exe"
    O23 - Service: McShield - Unknown owner - "C:\Program Files\Common Files\Network

    Associates\McShield\Mcshield.exe"
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero

    BackItUp\NBService.exe
    O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program

    Files\HHVcdV5Sys\VC5SecS.exe



    -- File Associations

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R1 smtpdrv - c:\windows\system32\drivers\smtpdrv.sys <Not Verified; NT Kernel Resources;

    NDIS packet redirector driver>
    R1 vbev5mp - c:\windows\system32\drivers\vbev5mp.sys <Not Verified; H+H Software GmbH;

    Virtual CD>
    R3 slnt (Real RTL8139 PCI Fast Ethernet Adapter) - c:\windows\system32\drivers\slnt.sys <Not

    Verified; Silan Micro-Electronics Inc.; Silan Micro-Electronics Inc.>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 AvSynMgr (AVSync Manager) - "c:\program files\mcafee\mcafee virusscan\avsynmgr.exe" <Not

    Verified; Network Associates, Inc.; VirusScan Home Edition>
    R2 VC5SecS (Virtual CD v5 Security service) - c:\program files\hhvcdv5sys\vc5secs.exe <Not

    Verified; H+H Software GmbH; Virtual CD>

    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


    -- Device Manager: Disabled

    No disabled devices found.


    -- Scheduled Tasks

    2007-08-29 20:00:00 350 --a
    C:\WINDOWS\Tasks\At21.job
    2007-08-28 23:00:00 350 --a
    C:\WINDOWS\Tasks\At24.job
    2007-08-28 22:00:00 350 --a
    C:\WINDOWS\Tasks\At23.job
    2007-08-28 21:00:00 350 --a
    C:\WINDOWS\Tasks\At22.job
    2007-08-27 12:00:08 350 --a
    C:\WINDOWS\Tasks\At13.job
    2007-08-27 11:01:49 350 --a
    C:\WINDOWS\Tasks\At12.job
    2007-08-26 17:01:51 350 --a
    C:\WINDOWS\Tasks\At18.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At9.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At8.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At7.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At6.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At5.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At4.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At3.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At20.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At2.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At19.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At17.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At16.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At15.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At14.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At11.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At10.job
    2007-08-26 16:18:59 350 --a
    C:\WINDOWS\Tasks\At1.job


    -- Files created between 2007-07-29 and 2007-08-29

    2007-08-29 20:54:24 0 d
    C:\Program Files\Trend Micro
    2007-08-29 20:21:39 0 d
    C:\WINDOWS\ERUNT
    2007-08-29 20:19:10 0 d--h
    C:\Documents and Settings\Administrator\Templates
    2007-08-29 20:19:10 0 dr
    C:\Documents and Settings\Administrator\Start Menu
    2007-08-29 20:19:10 0 dr-h
    C:\Documents and Settings\Administrator\SendTo
    2007-08-29 20:19:10 0 d--h
    C:\Documents and Settings\Administrator\Recent
    2007-08-29 20:19:10 0 d--h
    C:\Documents and Settings\Administrator\PrintHood
    2007-08-29 20:19:10 524288 --ah
    C:\Documents and Settings\Administrator\NTUSER.DAT
    2007-08-29 20:19:10 0 d--h
    C:\Documents and Settings\Administrator\NetHood
    2007-08-29 20:19:10 0 d
    C:\Documents and Settings\Administrator\My Documents
    2007-08-29 20:19:10 0 d--h
    C:\Documents and Settings\Administrator\Local

    Settings
    2007-08-29 20:19:10 0 d
    C:\Documents and Settings\Administrator\Favorites
    2007-08-29 20:19:10 0 d
    C:\Documents and Settings\Administrator\Desktop
    2007-08-29 20:19:10 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2007-08-29 20:19:10 0 dr-h
    C:\Documents and Settings\Administrator\Application

    Data
    2007-08-29 20:19:10 0 d---s---- C:\Documents and Settings\Administrator\Application

    Data\Microsoft
    2007-08-28 22:50:40 0 d
    C:\WINDOWS\System32\PreInstall
    2007-08-28 22:50:36 0 d--h
    C:\WINDOWS\$hf_mig$
    2007-08-28 22:49:28 0 d
    C:\WINDOWS\System32\bits
    2007-08-28 19:17:32 12385 --a
    C:\nptlfp.exe
    2007-08-27 12:47:42 52224 --a
    C:\j7q1c4v1i6s4.exe
    2007-08-27 11:49:12 94208 --a
    C:\WINDOWS\System32\MailSpectre.exe
    2007-08-27 11:49:12 18176 --a
    C:\WINDOWS\System32\drivers\smtpdrv.sys <Not

    Verified; NT Kernel Resources; NDIS packet redirector driver>
    2007-08-27 11:47:25 6657 --a
    C:\WINDOWS\System32\Ceaiimhq.dll
    2007-08-27 11:46:51 7455 --a
    C:\45m.exe
    2007-08-27 10:54:24 0 d
    C:\WINDOWS\System32\SoftwareDistribution
    2007-08-27 10:51:56 0 d
    C:\WINDOWS\SoftwareDistribution
    2007-08-26 23:03:49 0 d
    C:\Documents and Settings\All Users\Application

    Data\Windows Genuine Advantage
    2007-08-26 17:10:53 84992 --a
    C:\WINDOWS\WebAssist.dll <Not Verified; ; WebAssist>
    2007-08-26 16:29:16 2560 --a
    C:\WINDOWS\_MSRSTRT.EXE
    2007-08-26 01:27:37 0 d-a
    C:\Documents and Settings\All Users\Application

    Data\TEMP
    2007-08-26 01:05:47 0 d
    C:\Program Files\Common Files\xing shared
    2007-08-26 01:04:59 0 d
    C:\Program Files\Common Files\Real
    2007-08-26 01:04:48 0 d
    C:\Program Files\Real
    2007-08-26 01:04:01 0 d
    C:\Documents and Settings\CB SINGH\Application

    Data\Real
    2007-08-26 00:45:35 50688 --a
    C:\WINDOWS\System32\wbhelp2.dll <Not Verified;

    Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
    2007-08-24 03:58:51 0 d
    C:\Documents and Settings\CB SINGH\Application

    Data\Ahead
    2007-08-24 03:56:21 0 d
    C:\Program Files\Nero
    2007-08-24 03:56:21 0 d
    C:\Program Files\Common Files\Ahead
    2007-08-24 03:55:00 0 d
    C:\WINDOWS\RegisteredPackages
    2007-08-24 03:54:11 1769472 --a
    C:\WINDOWS\System32\dxdiagn.dll <Not Verified;

    Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-08-24 03:54:11 1703936 --a
    C:\WINDOWS\System32\d3d9.dll <Not Verified;

    Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-08-24 02:42:15 0 d
    C:\Program Files\Common Files\ODBC
    2007-08-24 02:42:12 0 dr
    C:\Program Files
    2007-08-24 02:42:12 0 d
    C:\Program Files\Common Files
    2007-08-24 02:42:12 0 d
    C:\Program Files\Common Files\SpeechEngines
    2007-08-24 02:41:52 0 d--h
    C:\Documents and Settings\Default User\Templates
    2007-08-24 02:41:52 0 dr
    C:\Documents and Settings\Default User\Start Menu
    2007-08-24 02:41:52 0 dr-h
    C:\Documents and Settings\Default User\SendTo
    2007-08-24 02:41:52 0 d--h
    C:\Documents and Settings\Default User\Recent
    2007-08-24 02:41:52 0 d--h
    C:\Documents and Settings\Default User\PrintHood
    2007-08-24 02:41:52 0 d--h
    C:\Documents and Settings\Default User\NetHood
    2007-08-24 02:41:52 0 d
    C:\Documents and Settings\Default User\My Documents
    2007-08-24 02:41:52 0 dr-h
    C:\Documents and Settings\Default User\Local

    Settings
    2007-08-24 02:41:52 0 d
    C:\Documents and Settings\Default User\Favorites
    2007-08-24 02:41:52 0 d
    C:\Documents and Settings\Default User\Desktop
    2007-08-24 02:41:52 0 d---s---- C:\Documents and Settings\Default User\Cookies
    2007-08-24 02:41:52 0 d--h
    C:\Documents and Settings\All Users\Templates
    2007-08-24 02:41:52 0 dr
    C:\Documents and Settings\All Users\Start Menu
    2007-08-24 02:41:52 0 d
    C:\Documents and Settings\All Users\Favorites
    2007-08-24 02:41:52 0 dr
    C:\Documents and Settings\All Users\Documents
    2007-08-24 02:41:52 0 d
    C:\Documents and Settings\All Users\Desktop
    2007-08-24 02:41:40 0 d
    C:\WINDOWS\System32\CatRoot2
    2007-08-24 02:41:40 0 d
    C:\WINDOWS\System32\CatRoot
    2007-08-24 02:41:35 0 dr-h
    C:\Documents and Settings\Default User\Application

    Data
    2007-08-24 02:41:35 0 d---s---- C:\Documents and Settings\Default User\Application

    Data\Microsoft
    2007-08-24 02:41:35 0 dr-h
    C:\Documents and Settings\All Users\Application Data
    2007-08-24 02:41:35 0 d---s---- C:\Documents and Settings\All Users\Application

    Data\Microsoft
    2007-08-24 02:41:21 0 d
    C:\Documents and Settings
    2007-08-24 02:37:54 0 d
    C:\WINDOWS
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\WinSxS
    2007-08-24 02:37:54 0 dr
    C:\WINDOWS\Web
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\twain_32
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\system32
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\wins
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\wbem
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\usmt
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\spool
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\ShellExt
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\Setup
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\ras
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\oobe
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\npp
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\mui
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\inetsrv
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\IME
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\icsxml
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\ias
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\export
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\drivers
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\drivers\etc
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\drivers\disdn
    2007-08-24 02:37:54 0 dr-hs--c- C:\WINDOWS\System32\dllcache
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\dhcp
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\config
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\3com_dmi
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\3076
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\2052
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\1054
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\1042
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\1041
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\1037
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\1033
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\1031
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\1028
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\System32\1025
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\system
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\security
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\Resources
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\repair
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\mui
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\msapps
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\msagent
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\Media
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\java
    2007-08-24 02:37:54 0 d--h
    C:\WINDOWS\inf
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\ime
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\Help
    2007-08-24 02:37:54 0 dr--s---- C:\WINDOWS\Fonts
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\Driver Cache
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\Debug
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\Cursors
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\Connection Wizard
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\Config
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\AppPatch
    2007-08-24 02:37:54 0 d
    C:\WINDOWS\addins
    2007-08-24 02:14:09 0 d
    C:\Documents and Settings\CB SINGH\Application

    Data\AdobeUM
    2007-08-24 02:14:03 0 d
    C:\Documents and Settings\CB SINGH\Application

    Data\Adobe
    2007-08-24 02:14:02 0 d
    C:\Program Files\Common Files\Adobe
    2007-08-24 01:11:30 0 d
    C:\Program Files\HHVcdV5Sys
    2007-08-24 01:11:29 0 d
    C:\Program Files\Virtual CD v5
    2007-08-24 01:04:57 0 d
    C:\Documents and Settings\All Users\Application

    Data\Adobe
    2007-08-24 01:03:18 0 d
    C:\WINDOWS\Cache
    2007-08-23 23:58:49 0 d
    C:\Documents and Settings\CB SINGH\Application

    Data\Help
    2007-08-23 23:27:37 0 d
    C:\Documents and Settings\CB SINGH\Application

    Data\Macromedia
    2007-08-23 23:27:24 0 d---s---- C:\Documents and Settings\CB SINGH\UserData
    2007-08-23 22:06:48 0 d
    C:\Program Files\Microsoft ActiveSync
    2007-08-23 22:05:50 0 d
    C:\WINDOWS\ShellNew
    2007-08-23 22:01:34 0 d
    C:\Program Files\McAfee
    2007-08-23 22:01:34 0 d
    C:\Program Files\Common Files\Network Associates
    2007-08-23 21:53:11 18004 -ra
    C:\WINDOWS\System32\drivers\slnt.sys <Not Verified;

    Silan Micro-Electronics Inc.; Silan Micro-Electronics Inc.>
    2007-08-23 21:50:44 0 d
    C:\Program Files\Realtek
    2007-08-23 21:48:47 0 d---s---- C:\WINDOWS\System32\Microsoft
    2007-08-23 21:47:58 0 d
    C:\WINDOWS\OPTIONS
    2007-08-23 21:47:01 0 d
    C:\WINDOWS\Drivers
    2007-08-23 21:45:56 266240 --a
    C:\WINDOWS\CMIUninstall.exe <Not Verified; ;

    GeneralUninstall Application>
    2007-08-23 21:45:56 225280 --a
    C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ;

    CmiRmRedundDir Application>
    2007-08-23 21:45:56 28672 --a
    C:\WINDOWS\CMIRmDriver.dll
    2007-08-23 21:45:56 0 d
    C:\Program Files\C-Media 3D Audio
    2007-08-23 21:45:38 306688 --a
    C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield

    Software Corporation; InstallShield® unInstaller>
    2007-08-23 21:45:24 0 d
    C:\Program Files\Intel
    2007-08-23 21:45:04 0 d
    C:\WINDOWS\System32\ReinstallBackups
    2007-08-23 21:45:02 0 d--h
    C:\Program Files\InstallShield Installation

    Information
    2007-08-23 21:44:53 0 d
    C:\Program Files\Common Files\InstallShield
    2007-08-23 21:44:37 5824 --a
    C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    2007-08-23 21:44:12 0 d--hs---- C:\WINDOWS\Installer
    2007-08-23 21:44:10 0 d
    C:\Documents and Settings\CB SINGH\Application

    Data\Identities
    2007-08-23 21:44:01 0 d--h
    C:\Documents and Settings\CB SINGH\Templates
    2007-08-23 21:44:01 0 dr
    C:\Documents and Settings\CB SINGH\Start Menu
    2007-08-23 21:44:01 0 dr-h
    C:\Documents and Settings\CB SINGH\SendTo
    2007-08-23 21:44:01 0 dr-h
    C:\Documents and Settings\CB SINGH\Recent
    2007-08-23 21:44:01 0 d--h
    C:\Documents and Settings\CB SINGH\PrintHood
    2007-08-23 21:44:01 1835008 --ah
    C:\Documents and Settings\CB SINGH\NTUSER.DAT
    2007-08-23 21:44:01 0 d--h
    C:\Documents and Settings\CB SINGH\NetHood
    2007-08-23 21:44:01 0 dr
    C:\Documents and Settings\CB SINGH\My Documents
    2007-08-23 21:44:01 0 d--h
    C:\Documents and Settings\CB SINGH\Local Settings
    2007-08-23 21:44:01 0 dr
    C:\Documents and Settings\CB SINGH\Favorites
    2007-08-23 21:44:01 0 d
    C:\Documents and Settings\CB SINGH\Desktop
    2007-08-23 21:44:01 0 d---s---- C:\Documents and Settings\CB SINGH\Cookies
    2007-08-23 21:44:01 0 dr-h
    C:\Documents and Settings\CB SINGH\Application Data
    2007-08-23 21:31:03 0 d--hs---- C:\System Volume Information
    2007-08-23 21:30:54 0 d
    C:\WINDOWS\Prefetch
    2007-08-23 21:30:54 229376 --ah
    C:\Documents and Settings\LocalService\NTUSER.DAT
    2007-08-23 21:30:54 0 d--h
    C:\Documents and Settings\LocalService\Local

    Settings
    2007-08-23 21:30:54 0 d---s---- C:\Documents and Settings\LocalService\Cookies
    2007-08-23 21:30:54 0 d
    C:\Documents and Settings\LocalService\Application

    Data
    2007-08-23 21:30:54 0 d---s---- C:\Documents and Settings\LocalService\Application

    Data\Microsoft
    2007-08-23 21:30:53 229376 --ah
    C:\Documents and Settings\NetworkService\NTUSER.DAT
    2007-08-23 21:30:53 0 d--h
    C:\Documents and Settings\NetworkService\Local

    Settings
    2007-08-23 21:30:53 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
    2007-08-23 21:30:53 0 d
    C:\Documents and Settings\NetworkService\Application

    Data
    2007-08-23 21:30:53 0 d---s---- C:\Documents and Settings\NetworkService\Application

    Data\Microsoft
    2007-08-23 21:27:32 0 d
    C:\WINDOWS\System32\xircom
    2007-08-23 21:27:32 0 d
    C:\Program Files\microsoft frontpage
    2007-08-23 21:27:22 229376 ---h
    C:\Documents and Settings\Default User\NTUSER.DAT
    2007-08-23 21:25:01 0 -rahs---- C:\MSDOS.SYS
    2007-08-23 21:25:01 0 -rahs---- C:\IO.SYS
    2007-08-23 21:25:01 0 --a
    C:\CONFIG.SYS
    2007-08-23 21:25:01 0 --a
    C:\AUTOEXEC.BAT
    2007-08-23 21:23:24 0 d--hs---- C:\Documents and Settings\All Users\DRM
    2007-08-23 21:23:14 0 dr
    C:\WINDOWS\Offline Web Pages
    2007-08-23 21:23:14 0 d---s---- C:\WINDOWS\Downloaded Program Files
    2007-08-23 21:22:49 0 d
    C:\WINDOWS\System32\DirectX
    2007-08-23 21:22:12 0 d---s---- C:\WINDOWS\Tasks
    2007-08-23 21:22:10 0 d
    C:\Program Files\Common Files\MSSoap
    2007-08-23 21:22:06 0 d
    C:\WINDOWS\System32\Macromed
    2007-08-23 21:22:06 0 d
    C:\WINDOWS\srchasst
    2007-08-23 21:22:04 0 d
    C:\Program Files\Movie Maker
    2007-08-23 21:22:01 0 d
    C:\WINDOWS\System32\Restore
    2007-08-23 21:22:01 0 d
    C:\WINDOWS\PCHealth
    2007-08-23 21:21:25 21640 --a
    C:\WINDOWS\System32\emptyregdb.dat
    2007-08-23 21:21:13 0 d
    C:\WINDOWS\Registration
    2007-08-23 21:21:07 0 d--h
    C:\Program Files\WindowsUpdate
    2007-08-23 21:21:07 0 d
    C:\Program Files\Online Services
    2007-08-23 21:21:02 0 d
    C:\Program Files\Messenger
    2007-08-23 21:20:57 0 d
    C:\Program Files\MSN Gaming Zone
    2007-08-23 21:20:25 0 d
    C:\Program Files\Windows NT
    2007-08-23 21:20:23 0 d
    C:\WINDOWS\System32\MsDtc
    2007-08-23 21:20:23 0 d
    C:\WINDOWS\System32\Com


    -- Find3M Report

    2007-08-27 12:46:34 133120 --a
    C:\WINDOWS\System32\sfc_os.dll <Not Verified;

    Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-08-24 02:41:52 62 --ahs---- C:\Documents and Settings\CB SINGH\Application

    Data\desktop.ini


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
    08/26/2007 05:10 PM 84992 --a
    C:\WINDOWS\WebAssist.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" []
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
    "McAfee Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe"

    [01/29/2003 03:01 AM]
    "VC5Player"="C:\Program Files\HHVcdV5Sys\VC5Play.exe" []
    "NWEReboot"="" []
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" []
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/26/2007 01:04

    AM]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant

    Updater\RuLaunch.exe" [05/23/2003 09:53 AM]

    C:\Documents and Settings\CB SINGH\Start Menu\Programs\Startup\
    MSWin-262856538.exe [8/27/2007 11:57:52 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04

    AM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} -

    C:\WINDOWS\System32\Ceaiimhq.dll [08/27/2007 11:47 AM 6657]




    -- End of Deckard's System Scanner: finished at 2007-08-29 20:58:35


    ======================================
    DSS texts (extra.txt)
    Deckard's System Scanner v20070826.66
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 1.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
    Percentage of Memory in Use: 71%
    Physical Memory (total/avail): 246.79 MiB / 70.23 MiB
    Pagefile Memory (total/avail): 606.2 MiB / 390.08 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1944.03 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 9.77 GiB total, 6.76 GiB free.
    D: is Fixed (NTFS) - 10 GiB total, 7.13 GiB free.
    E: is Fixed (NTFS) - 20 GiB total, 16 GiB free.
    F: is CDROM (No Media)
    G: is CDROM (No Media)
    H: is CDROM (No Media)
    I: is CDROM (No Media)
    J: is CDROM (No Media)
    K: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - WDC WD800BB-22JHA0 - 74.53 GiB - 3 partitions
    \PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
    \PARTITION1 - Installable File System - 10 GiB - D:
    \PARTITION2 - Installable File System - 20 GiB - E:



    -- Security Center

    AUOptions is scheduled to auto-install.


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\CB SINGH\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=CBSINGH
    ComSpec=C:\WINDOWS\system32\cmd.exe
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\CB SINGH
    LOGONSERVER=\\CBSINGH
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0401
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\CBSING~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\CBSING~1\LOCALS~1\Temp
    USERDOMAIN=CBSINGH
    USERNAME=CB SINGH
    USERPROFILE=C:\Documents and Settings\CB SINGH
    windir=C:\WINDOWS


    -- User Profiles

    CB SINGH (admin)
    Administrator (admin)


    -- Add/Remove Programs

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132

    C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe

    -uninstallUnlock
    Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
    C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
    HijackThis 2.0.0 --> "C:\Documents and Settings\CB SINGH\Desktop\HijackThis.exe" /uninstall
    Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE

    C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
    McAfee Firewall --> MsiExec.exe /I{4471FF45-62BD-11D6-B259-00C04FF4B435}
    McAfee VirusScan Home Edition --> MsiExec.exe /X{E4DC62CE-5F95-11D6-B254-00C04FF4B435}
    Microsoft Office XP Professional with FrontPage --> MsiExec.exe

    /I{90280409-6000-11D3-8CFE-0050048383C9}
    Nero 7 Essentials --> MsiExec.exe /I{E98D8E60-5FFD-4A39-A564-E7468ED31033}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe

    RealNetworks|RealPlayer|6.0
    REALTEK GbE & FE Ethernet PCI NIC Driver --> RunDll32

    C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup

    "C:\Program Files\InstallShield Installation

    Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
    Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    RTLSetup for Realtek RTL8139/810x Family NIC 3.00 --> RunDll32

    C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program

    Files\InstallShield Installation

    Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
    Virtual CD v5 --> MsiExec.exe /I{7F878808-B462-4A82-B956-452595F8B29A}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


    -- Application Event Log

    Event Record #/Type122 / Error
    Event Submitted/Written: 08/29/2007 08:20:24 PM
    Event ID/Source: 8193 / VSS
    Event Description:
    Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr =

    0x80040206.

    Event Record #/Type121 / Error
    Event Submitted/Written: 08/29/2007 08:20:24 PM
    Event ID/Source: 4609 / EventSystem
    Event Description:
    The COM+ Event System detected a bad return code during its internal processing. HRESULT

    was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please

    contact Microsoft Product Support Services to report this error.

    Event Record #/Type119 / Error
    Event Submitted/Written: 08/29/2007 08:19:05 PM
    Event ID/Source: 8193 / VSS
    Event Description:
    Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr =

    0x80040206.

    Event Record #/Type118 / Error
    Event Submitted/Written: 08/29/2007 08:19:05 PM
    Event ID/Source: 4609 / EventSystem
    Event Description:
    The COM+ Event System detected a bad return code during its internal processing. HRESULT

    was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please

    contact Microsoft Product Support Services to report this error.

    Event Record #/Type116 / Error
    Event Submitted/Written: 08/29/2007 08:12:53 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application avp.exe, version 1.0.0.1, faulting module ntdll.dll, version

    5.1.2600.1106, fault address 0x0000031b.



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type1202 / Error
    Event Submitted/Written: 08/29/2007 08:38:46 PM
    Event ID/Source: 8032 / BROWSER
    Event Description:
    The browser service has failed to retrieve the backup list too many times on transport

    \Device\NetBT_Tcpip_{07B9B5FD-D792-452D-9F38-831953D3D316}.
    The backup browser is stopping.

    Event Record #/Type1201 / Warning
    Event Submitted/Written: 08/29/2007 08:35:22 PM
    Event ID/Source: 8021 / BROWSER
    Event Description:
    The browser was unable to retrieve a list of servers from the browser master \\VINAY on the

    network \Device\NetBT_Tcpip_{07B9B5FD-D792-452D-9F38-831953D3D316}.
    The data is the error code.

    Event Record #/Type1199 / Error
    Event Submitted/Written: 08/29/2007 08:28:54 PM
    Event ID/Source: 11 / PlugPlayManager
    Event Description:
    The device Root\LEGACY_RUNTIME\0000 disappeared from the system without first being prepared

    for removal.

    Event Record #/Type1181 / Error
    Event Submitted/Written: 08/29/2007 08:25:50 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    runtime2

    Event Record #/Type1176 / Error
    Event Submitted/Written: 08/29/2007 08:24:55 PM
    Event ID/Source: 1003 / System Error
    Event Description:
    Error code 000000d1, parameter1 fffffffc, parameter2 00000002, parameter3 00000000,

    parameter4 f9421da6.



    -- End of Deckard's System Scanner: finished at 2007-08-29 20:58:35


  • #4
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    You should be very careful following somebody else's instructions trip_3c
    Your PC is quite infected, do the following


    Please download FixWareout from here:
    http://downloads.subratam.org/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
    Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
    Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log

    If you have internet connection problems then do the following :

    Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.



    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
    O16 - DPF: {10003000-1000-0000-1000-000000000000} () - ms-its:mhtml:file://C:\\foo.mht!http://85.255.118.43/data/on.chm::/on.exe

    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



    Go to this site:
    http://www.virustotal.com/
    On top you'll find 'Browse'
    Click the browse button and browse to the file:

    C:\WINDOWS\system32\MSWin-262856538.exe

    Click open.
    Then click the 'Send' button next to it.
    This will scan the file. Please be patient.
    Once scanned, copy and paste the results as well in your next reply.



    Please download OTMoveIt by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\WINDOWS\Web\related.htm
      C:\WINDOWS\WebAssist.dll
      C:\WINDOWS\Tasks\At21.job
      C:\WINDOWS\Tasks\At24.job
      C:\WINDOWS\Tasks\At23.job
      C:\WINDOWS\Tasks\At22.job
      C:\WINDOWS\Tasks\At13.job
      C:\WINDOWS\Tasks\At12.job
      C:\WINDOWS\Tasks\At18.job
      C:\WINDOWS\Tasks\At9.job
      C:\WINDOWS\Tasks\At8.job
      C:\WINDOWS\Tasks\At7.job
      C:\WINDOWS\Tasks\At6.job
      C:\WINDOWS\Tasks\At5.job
      C:\WINDOWS\Tasks\At4.job
      C:\WINDOWS\Tasks\At3.job
      C:\WINDOWS\Tasks\At20.job
      C:\WINDOWS\Tasks\At2.job
      C:\WINDOWS\Tasks\At19.job
      C:\WINDOWS\Tasks\At17.job
      C:\WINDOWS\Tasks\At16.job
      C:\WINDOWS\Tasks\At15.job
      C:\WINDOWS\Tasks\At14.job
      C:\WINDOWS\Tasks\At11.job
      C:\WINDOWS\Tasks\At10.job
      C:\WINDOWS\Tasks\At1.job
      C:\nptlfp.exe
      C:\j7q1c4v1i6s4.exe
      C:\WINDOWS\System32\MailSpectre.exe
      C:\WINDOWS\System32\drivers\smtpdrv.sys
      C:\WINDOWS\System32\Ceaiimhq.dll
      C:\45m.exe
      C:\WINDOWS\_MSRSTRT.EXE

    • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
    • Click the red Moveit! button.
    • Close OTMoveIt
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

    Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")

    Click "Exit" to close OTMoveIt.



    So in your next reply I need to see the following : the FixWareout text, the OTMoveIt results, a new DSS log, the results of that file I asked you to scan, and tell me how your PC is running now and if you had any problems.


  • #5
    trip_3c
    Closed Accounts Posts: 4 trip_3c


    well bro thnks
    My system is working absolutely fine now.
    I want to ask u another thing- Wat was there in these reports that drew ur attention
    Moreover I want to learn abt it.
    Where to start from..
    THanks a lot...


  • #6
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Your PC will definitely still have some malware on it trip_3c
    I'd suggest you post the reports I asked for and we continue on, your choice though.
    Wat was there in these reports that drew ur attention
    Too much to list :)
    Moreover I want to learn abt it.
    Where to start from..
    It is not easy I'll tell you that much, but try this link
    http://forum.piriform.com/lofiversion/index.php/t7929.html


  • Advertisement
  • #7
    trip_3c
    Closed Accounts Posts: 4 trip_3c


    The reports are as follows:

    FixWareout text

    Username "CB SINGH" - 08/30/2007 19:53:44 [Fixwareout edited 2007/07/05]

    »»»»»Prerun check

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    "nameserver"="85.255.114.20 85.255.112.175" <Value cleared.
    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1FCB3570-DF17-473A-ACE2-F3737B42AAD8}
    "DhcpNameServer"="85.255.114.20,85.255.112.175" <Value cleared.

    Successfully flushed the DNS Resolver Cache.


    System was rebooted successfully.

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}46E310310101-2A9B-2F64-13CC-7DB52124{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}5F7CF5CE84D0-1E39-7A04-6A69-96DE2A61{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}A5D1D6811008-B64A-D564-894D-117225F5{" Deleted
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}B4F145E6A689-E5AB-46D4-5D16-437F25B6{" Deleted
    C:\WINDOWS\System32\nfxam.exe Deleted
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....

    »»»»» Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "McAfee Guardian"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe\" /SU"
    "VC5Player"="C:\\Program Files\\HHVcdV5Sys\\VC5Play.exe"
    "NWEReboot"=""
    "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "McAfee.InstantUpdate.Monitor"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»


    ======================================================

    OTMoveIt results

    C:\WINDOWS\Web\related.htm moved successfully.
    File/Folder C:\WINDOWS\WebAssist.dll not found.
    C:\WINDOWS\Tasks\At21.job moved successfully.
    C:\WINDOWS\Tasks\At24.job moved successfully.
    C:\WINDOWS\Tasks\At23.job moved successfully.
    C:\WINDOWS\Tasks\At22.job moved successfully.
    C:\WINDOWS\Tasks\At13.job moved successfully.
    C:\WINDOWS\Tasks\At12.job moved successfully.
    C:\WINDOWS\Tasks\At18.job moved successfully.
    C:\WINDOWS\Tasks\At9.job moved successfully.
    C:\WINDOWS\Tasks\At8.job moved successfully.
    C:\WINDOWS\Tasks\At7.job moved successfully.
    C:\WINDOWS\Tasks\At6.job moved successfully.
    C:\WINDOWS\Tasks\At5.job moved successfully.
    C:\WINDOWS\Tasks\At4.job moved successfully.
    C:\WINDOWS\Tasks\At3.job moved successfully.
    C:\WINDOWS\Tasks\At20.job moved successfully.
    C:\WINDOWS\Tasks\At2.job moved successfully.
    C:\WINDOWS\Tasks\At19.job moved successfully.
    C:\WINDOWS\Tasks\At17.job moved successfully.
    C:\WINDOWS\Tasks\At16.job moved successfully.
    C:\WINDOWS\Tasks\At15.job moved successfully.
    C:\WINDOWS\Tasks\At14.job moved successfully.
    C:\WINDOWS\Tasks\At11.job moved successfully.
    C:\WINDOWS\Tasks\At10.job moved successfully.
    C:\WINDOWS\Tasks\At1.job moved successfully.
    C:\nptlfp.exe moved successfully.
    C:\j7q1c4v1i6s4.exe moved successfully.
    C:\WINDOWS\System32\MailSpectre.exe moved successfully.
    C:\WINDOWS\System32\drivers\smtpdrv.sys moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\System32\Ceaiimhq.dll
    C:\WINDOWS\System32\Ceaiimhq.dll NOT unregistered.
    C:\WINDOWS\System32\Ceaiimhq.dll moved successfully.
    C:\45m.exe moved successfully.
    C:\WINDOWS\_MSRSTRT.EXE moved successfully.

    Created on 08/30/2007 20:09:29


    =========================================================


  • #8
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Can you please post a new DSS log as well.


  • #9
    trip_3c
    Closed Accounts Posts: 4 trip_3c


    According to ur last post, u didnt asked me to execute DSS
    Anyways its there in my previous mail, ie on 29-08-2007, 18:11

    Thnks


  • #10
    ActorSeeksJob
    Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hard to keep track of things :)

    I need you to run it again, I need to see a new log.


Advertisement