Getting WinDV.exe Error on Boot
28-08-2007 5:41am
When I boot my computer I get a "missing windv.exe" error. My virus scanner also pops up with "trojan downloader viruses." I downloaded HijackThis and saved my log.
I have no idea what I am looking at. My computer will eventually freeze up and I will need to reboot. No matter what I do with these "trojan downloaders", they always pop back up upon reboot.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:56 PM, on 8/27/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\WINDOWS\System32\nrksn.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\help.exe
C:\WINDOWS\System32\NSecurity.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Application Layer Gateway Service] C:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\nrksn.exe
O4 - HKLM\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
O4 - HKLM\..\Run: [MSDNN] C:\WINDOWS\help.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
O4 - HKCU\..\Run: [MSDNN] C:\WINDOWS\help.exe
O4 - HKUS\S-1-5-18\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe (User 'Default user')
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe (file missing)
--
End of file - 4876 bytes
Comments
You have quite a few nasty infections; do this:
Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe Mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
- Press any key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
- Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to the Clipboard ready for posting back on the forum).
- Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.
Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window:
@echo off
sc stop "Windows Drivers Version"
sc delete "Windows Drivers Version"
exit
Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in FixService.bat
In the Save as type drop down box select All Files
Close Notepad.
Now, find FixService.bat on your Desktop and double click it
A window will open and close; do not be concerned, this is normal.
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\nrksn.exe
O4 - HKLM\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
O4 - HKLM\..\Run: [MSDNN] C:\WINDOWS\help.exe
O4 - HKCU\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe
O4 - HKCU\..\Run: [MSDNN] C:\WINDOWS\help.exe
O4 - HKUS\S-1-5-18\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Network Security] C:\WINDOWS\System32\NSecurity.exe (User 'Default user')
O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe (file missing)
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Please download OTMoveIt by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\System32\iexplore.exe
C:\WINDOWS\System32\nrksn.exe
C:\WINDOWS\System32\NSecurity.exe
C:\WINDOWS\help.exe
C:\WINDOWS\WinDV.exe
- Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
- Click the red Moveit! button.
- Close OTMoveIt
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
Note: If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")
Click "Exit" to close OTMoveIt.
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
- Close all other windows before proceeding.
- Double-click on dss.exe and follow the prompts.
- If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
- When it has finished, dss will open two Notepads, main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
So in your next reply I need to see the following: the SDFix report, the OTMoveIt results, the two DSS texts in full, and tell me how your PC is running now and if you had any problems.
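The fix list above was built by reading the HijackThis log for a handful of tell-tale patterns. As an added illustration (not part of the original thread, and not a tool the helper, SDFix or HijackThis ships), the Python script below applies those same triage heuristics to HijackThis lines: an F2 Shell= value carrying anything beyond Explorer.exe, an O2 BHO whose file is gone, an O4 autorun whose binary borrows a system-binary name but lives in the wrong folder or sits directly in the Windows root, O17 NameServer entries outside the resolvers the machine is expected to use, and an O23 service whose binary is missing. The sample lines are copied from the two logs in this thread; the expected resolver address 192.168.1.1 is a constructed placeholder, and the "usual folder" table is an assumption drawn from the clean stock XP paths visible in the first log.

```python
import re
from dataclasses import dataclass

SYSTEM_ROOT = r"C:\WINDOWS"

# Folders where these well-known binaries live on a stock Windows XP box
# (assumption, taken from the clean entries in the first log of this thread).
# Malware borrows these names and drops the lookalike somewhere else.
EXPECTED_HOME = {
    "iexplore.exe": r"C:\Program Files\Internet Explorer",
    "explorer.exe": SYSTEM_ROOT,
    "svchost.exe": SYSTEM_ROOT + r"\System32",
    "lsass.exe": SYSTEM_ROOT + r"\System32",
}

# First absolute Windows path ending in an executable-style extension.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"\n]*?\.(?:exe|dll|sys|ocx))"?', re.IGNORECASE)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
SECTION_RE = re.compile(r"([A-Z]\d+) - (.*)")

# Sample lines copied from the HijackThis and DSS logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com
F2 - REG:system.ini: Shell=Explorer.exe %WINDIR%\WinDV.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [MSDNN] C:\WINDOWS\help.exe
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Drivers Version - Unknown owner - C:\WINDOWS\WinDV.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O4"
    reason: str    # why the line was flagged
    line: str      # the original log line


def triage(log_text, expected_dns=frozenset()):
    """Return the HijackThis lines that match one of the triage heuristics.

    expected_dns: resolver addresses this machine should be using; any O17
    NameServer outside that set is reported.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, body = m.group(1), m.group(2)

        if section == "F2" and "Shell=" in body:
            # system.ini Shell= should be Explorer.exe and nothing else.
            value = body.split("Shell=", 1)[1].strip()
            if value.lower() != "explorer.exe":
                findings.append(Finding(section, "extra shell executable: " + value, line))

        elif section == "O2" and "(no file)" in body:
            findings.append(Finding(section, "BHO registered but its file is gone", line))

        elif section == "O4":
            pm = PATH_RE.search(body)
            if pm:
                folder, _, name = pm.group(1).rpartition("\\")
                home = EXPECTED_HOME.get(name.lower())
                if home is not None:
                    if folder.lower() != home.lower():
                        findings.append(Finding(section, f"{name} outside its usual folder: {folder}", line))
                elif folder.lower() == SYSTEM_ROOT.lower():
                    # Legitimate autoruns almost never live directly in the Windows root.
                    findings.append(Finding(section, f"autorun binary sitting in {SYSTEM_ROOT} root", line))

        elif section == "O17":
            rogue = set(IPV4_RE.findall(body)) - set(expected_dns)
            if rogue:
                findings.append(Finding(section, "unexpected DNS servers: " + ", ".join(sorted(rogue)), line))

        elif section == "O23" and "(file missing)" in body:
            findings.append(Finding(section, "service points at a binary that no longer exists", line))
    return findings


if __name__ == "__main__":
    # 192.168.1.1 is a constructed placeholder for the LAN's real resolver.
    for f in triage(SAMPLE_LOG, expected_dns={"192.168.1.1"}):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as-is it reports six of the ten sample lines, the same six kinds of entry the helper told the poster to fix. The findings are hints for a human, not verdicts: a hit on a lookalike name says "check this file's publisher and hash before trusting it", and a clean run does not prove the machine is clean, because HijackThis only lists a fixed set of autostart locations.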
Well even I encountered the same problem. A windv.exe error used to pop up during startup and my system used to get restarted after a while (2-3 min).
After following the above steps I was able to eradicate the windv.exe problem but the restarting of my system continues.
When the system gets restarted a Windows Explorer error pops up (Windows Explorer encountered a problem and needs to ) with the following details:
AppName-explorer.exe
AppVer-6.0.2800.1106
ModName-advapi32.dll
ModVer-5.1.2600.1106
Offset-00000426
The reports are as follows:
SDFix report
SDFix: Version 1.100
Run by CB SINGH on Wed 08/29/2007 at 08:22 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Name:
ntio256
runtime
ImagePath:
\??\C:\WINDOWS\System32\ntio256.sys
\??\C:\WINDOWS\System32\drivers\runtime.sys
ntio256 - Deleted
runtime - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Dummy:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Service runtime2 - Deleted after Reboot
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\KERNEL32.EXE - Deleted
C:\413728~1 - Deleted
C:\Documents and Settings\CB SINGH\Start Menu\Programs\Startup\MSWin--393324980.exe - Deleted
C:\Program Files\Common Files\delsim\del.exe - Deleted
C:\d.exe - Deleted
C:\wintemp.log - Deleted
C:\WINDOWS\avp.exe - Deleted
C:\WINDOWS\mgrs.exe - Deleted
C:\WINDOWS\system32\6_exception.nls - Deleted
C:\WINDOWS\system32\Kernel32.exe - Deleted
C:\WINDOWS\system32\kr_done1 - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
C:\WINDOWS\system32\ntio256.sys - Deleted
C:\WINDOWS\system32\protector.exe - Deleted
C:\WINDOWS\Temp\startdrv.exe - Deleted
C:\WINDOWS\system32\drivers\runtime2.sys - Deleted
Folder C:\Program Files\Common Files\delsim - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
Authorized Application Key Export:
Remaining Files:
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\WINDOWS\SoftwareDistribution\Download\0091ab299e899a5920ad91739ad99c67\BIT1C.tmp
C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\BITA.tmp
C:\WINDOWS\SoftwareDistribution\Download\05dc5f0b39a115d1962503e7297cdba7\BITD.tmp
C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\BIT40.tmp
C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\BITE.tmp
C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\BIT34.tmp
C:\WINDOWS\SoftwareDistribution\Download\1230492412c0d92c55a03b0de671f167\BIT9.tmp
C:\WINDOWS\SoftwareDistribution\Download\15c0ab260081ce840e2b252751d01b80\BIT30.tmp
C:\WINDOWS\SoftwareDistribution\Download\1d8773e3b9bba05290b442f31de09a2e\BIT15.tmp
C:\WINDOWS\SoftwareDistribution\Download\1e0d5826a4592cc6d08a9c51de1deab1\BIT17.tmp
C:\WINDOWS\SoftwareDistribution\Download\1fb659e25c21839251d560da33cbcfad\BIT31.tmp
C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\BIT22.tmp
C:\WINDOWS\SoftwareDistribution\Download\2d7809720343ee9223ce4d88d99bf3c2\BIT25.tmp
C:\WINDOWS\SoftwareDistribution\Download\32cc777251e695000c46eaf909a80b37\BIT12.tmp
C:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\BIT1F.tmp
C:\WINDOWS\SoftwareDistribution\Download\33dda7a9fdd16ad3949443f62d248f25\BIT2C.tmp
C:\WINDOWS\SoftwareDistribution\Download\3becf78026ee8bb0c18f61c3d3645cb6\BITC.tmp
C:\WINDOWS\SoftwareDistribution\Download\4596f4b9d8a4b5253ee760a58a45bcfb\BIT2D.tmp
C:\WINDOWS\SoftwareDistribution\Download\495213e4cb2a90b1fa5505a5fab8e00b\BIT35.tmp
C:\WINDOWS\SoftwareDistribution\Download\4a882309d56e564894505aaa60eac9b1\BIT24.tmp
C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\BIT39.tmp
C:\WINDOWS\SoftwareDistribution\Download\4cc8107fde988bba1481bb736cc96c29\BIT33.tmp
C:\WINDOWS\SoftwareDistribution\Download\512e19b377bd5d52a1e190ecbd7a83eb\BIT1B.tmp
C:\WINDOWS\SoftwareDistribution\Download\52b72a8354f3c8a72b1aee0b2a11d368\BIT20.tmp
C:\WINDOWS\SoftwareDistribution\Download\52d0bad96d671744fec5c77caa4cdf4d\BITB.tmp
C:\WINDOWS\SoftwareDistribution\Download\55b5c397ff94db07e8c1c336efaf0a7b\BIT3C.tmp
C:\WINDOWS\SoftwareDistribution\Download\587d85e782ae94381c309d8add64e1a0\BIT11.tmp
C:\WINDOWS\SoftwareDistribution\Download\65cd5bd54188e653414d6e2035b6edfb\BIT2E.tmp
C:\WINDOWS\SoftwareDistribution\Download\694301dbfd149d8645046cbc0b1067e8\BIT13.tmp
C:\WINDOWS\SoftwareDistribution\Download\6f0fd10fc234123bcdf54ebca4b84cbd\BIT41.tmp
C:\WINDOWS\SoftwareDistribution\Download\71c02bde984543df4e0eb833332b8a16\BIT7.tmp
C:\WINDOWS\SoftwareDistribution\Download\791153f24e30cff9e2b19e146f3029a9\BIT1E.tmp
C:\WINDOWS\SoftwareDistribution\Download\7b94d041c29d0b8d724c97ae0005e71b\BIT1D.tmp
C:\WINDOWS\SoftwareDistribution\Download\837a8691e43011f909e4b3e192fe1437\BIT36.tmp
C:\WINDOWS\SoftwareDistribution\Download\85fabe342f5808f4164862c06168055d\BIT16.tmp
C:\WINDOWS\SoftwareDistribution\Download\8aba0967f899f346d112e436c1f1b5c7\BIT23.tmp
C:\WINDOWS\SoftwareDistribution\Download\8b20f1a9610d239c2680847de8fa139a\BIT3A.tmp
C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\BIT8.tmp
C:\WINDOWS\SoftwareDistribution\Download\a099dfb7d5d88247579330743c8014f3\BIT29.tmp
C:\WINDOWS\SoftwareDistribution\Download\a1958c12079db3dbba3db562fc08c81b\BIT3D.tmp
C:\WINDOWS\SoftwareDistribution\Download\a4eec31189780c76a955690dc00fbe64\BIT10.tmp
C:\WINDOWS\SoftwareDistribution\Download\adc42e4e6905251cac80b18a8dccd42a\BIT3F.tmp
C:\WINDOWS\SoftwareDistribution\Download\aebb83db003f77a45671fd2c1557da38\BITF.tmp
C:\WINDOWS\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\BIT14.tmp
C:\WINDOWS\SoftwareDistribution\Download\c23140ab2b4cffaee396a230df8b1229\BIT43.tmp
C:\WINDOWS\SoftwareDistribution\Download\c9cdbfcd49200c55d94bb81819c80f2b\BIT26.tmp
C:\WINDOWS\SoftwareDistribution\Download\cddbefa165dabeb577b6952c247eddf9\BIT21.tmp
C:\WINDOWS\SoftwareDistribution\Download\d037d9bbbbdf880e477c3840b38c3180\BIT37.tmp
C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\BIT3E.tmp
C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\BIT2B.tmp
C:\WINDOWS\SoftwareDistribution\Download\d4c8781e1d18b4040768e6b1e10d77cf\BIT1A.tmp
C:\WINDOWS\SoftwareDistribution\Download\da70638ee8e6f6c7eff37e755cd6f449\BIT18.tmp
C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\BIT38.tmp
C:\WINDOWS\SoftwareDistribution\Download\edc9e523d8678897d85b5ee0ef1bbf7a\BIT42.tmp
C:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\BIT2F.tmp
C:\WINDOWS\SoftwareDistribution\Download\f934b30a3337b488590ef3c1f3bbfd68\BIT2A.tmp
C:\WINDOWS\SoftwareDistribution\Download\f941c900a413f153861a4032214a1aec\BIT19.tmp
C:\WINDOWS\SoftwareDistribution\Download\fa53e640686f7f15b5ee3f532304b804\BIT28.tmp
Finished
=======================================
OTMoveIt report
File/Folder C:\WINDOWS\System32\iexplore.exe not found.
File/Folder C:\WINDOWS\System32\nrksn.exe not found.
File/Folder C:\WINDOWS\System32\NSecurity.exe not found.
File/Folder C:\WINDOWS\help.exe not found.
File/Folder C:\WINDOWS\WinDV.exe not found.
Created on 08/29/2007 20:39:28
==========================================
DSS texts (main.txt)
Deckard's System Scanner v20070826.66
Run by CB SINGH on 2007-08-29 20:52:38
Computer is in Normal Mode.
-- System Restore
-- Last 5 Restore Point(s) --
17: 2007-08-29 15:12:50 UTC - RP17 - Deckard's System Scanner Restore Point
16: 2007-08-28 17:20:39 UTC - RP16 - Installed Windows XP KB898461.
15: 2007-08-28 17:20:14 UTC - RP15 - Installed Windows Installer KB893803v2.
14: 2007-08-28 17:17:53 UTC - RP14 - Installed Windows XP KB842773.
13: 2007-08-28 17:17:40 UTC - RP13 - Software Distribution Service 3.0
-- First Restore Point --
1: 2007-08-23 16:14:21 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 247 MiB (512 MiB recommended).
-- HijackThis (run as CB SINGH.exe)
Unable to find log (file not found); running clone.
-- HijackThis Clone
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-29 20:57:30
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\Program Files\McAfee\McAfee VirusScan\VSStat.exe
C:\Program Files\McAfee\McAfee VirusScan\vshwin32.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\a4a9ccd1806461c53ce89bdd6f4591bf\update\update.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\CB SINGH\Desktop\dss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\CB SINGH.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKEY_LOCAL_MACHINE\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKEY_LOCAL_MACHINE\..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: MSWin-262856538.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O16 - DPF: {10003000-1000-0000-1000-000000000000} () - ms-its:mhtml:file://C:\\foo.mht!http://85.255.118.43/data/on.chm::/on.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188322138718
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{07B9B5FD-D792-452D-9F38-831953D3D316}: NameServer = 85.255.114.20,85.255.112.175
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{F6F850F1-2F19-4E4A-BCFF-E804F83DB6FF}: NameServer = 85.255.114.20,85.255.112.175
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.20 85.255.112.175
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - "C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe"
O23 - Service: McShield - Unknown owner - "C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe"
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
-- File Associations
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R1 smtpdrv - c:\windows\system32\drivers\smtpdrv.sys <Not Verified; NT Kernel Resources; NDIS packet redirector driver>
R1 vbev5mp - c:\windows\system32\drivers\vbev5mp.sys <Not Verified; H+H Software GmbH; Virtual CD>
R3 slnt (Real RTL8139 PCI Fast Ethernet Adapter) - c:\windows\system32\drivers\slnt.sys <Not Verified; Silan Micro-Electronics Inc.; Silan Micro-Electronics Inc.>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 AvSynMgr (AVSync Manager) - "c:\program files\mcafee\mcafee virusscan\avsynmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Home Edition>
R2 VC5SecS (Virtual CD v5 Security service) - c:\program files\hhvcdv5sys\vc5secs.exe <Not Verified; H+H Software GmbH; Virtual CD>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Device Manager: Disabled
No disabled devices found.
-- Scheduled Tasks
2007-08-29 20:00:00 350 --a C:\WINDOWS\Tasks\At21.job
2007-08-28 23:00:00 350 --a C:\WINDOWS\Tasks\At24.job
2007-08-28 22:00:00 350 --a C:\WINDOWS\Tasks\At23.job
2007-08-28 21:00:00 350 --a C:\WINDOWS\Tasks\At22.job
2007-08-27 12:00:08 350 --a C:\WINDOWS\Tasks\At13.job
2007-08-27 11:01:49 350 --a C:\WINDOWS\Tasks\At12.job
2007-08-26 17:01:51 350 --a C:\WINDOWS\Tasks\At18.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At9.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At8.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At7.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At6.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At5.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At4.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At3.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At20.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At2.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At19.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At17.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At16.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At15.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At14.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At11.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At10.job
2007-08-26 16:18:59 350 --a C:\WINDOWS\Tasks\At1.job
-- Files created between 2007-07-29 and 2007-08-29
2007-08-29 20:54:24 0 d C:\Program Files\Trend Micro
2007-08-29 20:21:39 0 d C:\WINDOWS\ERUNT
2007-08-29 20:19:10 0 d--h C:\Documents and Settings\Administrator\Templates
2007-08-29 20:19:10 0 dr C:\Documents and Settings\Administrator\Start Menu
2007-08-29 20:19:10 0 dr-h C:\Documents and Settings\Administrator\SendTo
2007-08-29 20:19:10 0 d--h C:\Documents and Settings\Administrator\Recent
2007-08-29 20:19:10 0 d--h C:\Documents and Settings\Administrator\PrintHood
2007-08-29 20:19:10 524288 --ah C:\Documents and Settings\Administrator\NTUSER.DAT
2007-08-29 20:19:10 0 d--h C:\Documents and Settings\Administrator\NetHood
2007-08-29 20:19:10 0 d C:\Documents and Settings\Administrator\My Documents
2007-08-29 20:19:10 0 d--h C:\Documents and Settings\Administrator\Local Settings
2007-08-29 20:19:10 0 d C:\Documents and Settings\Administrator\Favorites
2007-08-29 20:19:10 0 d C:\Documents and Settings\Administrator\Desktop
2007-08-29 20:19:10 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-08-29 20:19:10 0 dr-h C:\Documents and Settings\Administrator\Application Data
2007-08-29 20:19:10 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-08-28 22:50:40 0 d C:\WINDOWS\System32\PreInstall
2007-08-28 22:50:36 0 d--h C:\WINDOWS\$hf_mig$
2007-08-28 22:49:28 0 d C:\WINDOWS\System32\bits
2007-08-28 19:17:32 12385 --a C:\nptlfp.exe
2007-08-27 12:47:42 52224 --a C:\j7q1c4v1i6s4.exe
2007-08-27 11:49:12 94208 --a C:\WINDOWS\System32\MailSpectre.exe
2007-08-27 11:49:12 18176 --a C:\WINDOWS\System32\drivers\smtpdrv.sys <Not Verified; NT Kernel Resources; NDIS packet redirector driver>
2007-08-27 11:47:25 6657 --a C:\WINDOWS\System32\Ceaiimhq.dll
2007-08-27 11:46:51 7455 --a C:\45m.exe
2007-08-27 10:54:24 0 d C:\WINDOWS\System32\SoftwareDistribution
2007-08-27 10:51:56 0 d C:\WINDOWS\SoftwareDistribution
2007-08-26 23:03:49 0 d C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-08-26 17:10:53 84992 --a C:\WINDOWS\WebAssist.dll <Not Verified; ; WebAssist>
2007-08-26 16:29:16 2560 --a C:\WINDOWS\_MSRSTRT.EXE
2007-08-26 01:27:37 0 d-a C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-26 01:05:47 0 d C:\Program Files\Common Files\xing shared
2007-08-26 01:04:59 0 d C:\Program Files\Common Files\Real
2007-08-26 01:04:48 0 d C:\Program Files\Real
2007-08-26 01:04:01 0 d C:\Documents and Settings\CB SINGH\Application Data\Real
2007-08-26 00:45:35 50688 --a C:\WINDOWS\System32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-08-24 03:58:51 0 d C:\Documents and Settings\CB SINGH\Application Data\Ahead
2007-08-24 03:56:21 0 d C:\Program Files\Nero
2007-08-24 03:56:21 0 d C:\Program Files\Common Files\Ahead
2007-08-24 03:55:00 0 d C:\WINDOWS\RegisteredPackages
2007-08-24 03:54:11 1769472 --a C:\WINDOWS\System32\dxdiagn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-24 03:54:11 1703936 --a C:\WINDOWS\System32\d3d9.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-24 02:42:15 0 d C:\Program Files\Common Files\ODBC
2007-08-24 02:42:12 0 dr C:\Program Files
2007-08-24 02:42:12 0 d C:\Program Files\Common Files
2007-08-24 02:42:12 0 d C:\Program Files\Common Files\SpeechEngines
2007-08-24 02:41:52 0 d--h C:\Documents and Settings\Default User\Templates
2007-08-24 02:41:52 0 dr C:\Documents and Settings\Default User\Start Menu
2007-08-24 02:41:52 0 dr-h C:\Documents and Settings\Default User\SendTo
2007-08-24 02:41:52 0 d--h C:\Documents and Settings\Default User\Recent
2007-08-24 02:41:52 0 d--h C:\Documents and Settings\Default User\PrintHood
2007-08-24 02:41:52 0 d--h C:\Documents and Settings\Default User\NetHood
2007-08-24 02:41:52 0 d C:\Documents and Settings\Default User\My Documents
2007-08-24 02:41:52 0 dr-h C:\Documents and Settings\Default User\Local Settings
2007-08-24 02:41:52 0 d C:\Documents and Settings\Default User\Favorites
2007-08-24 02:41:52 0 d C:\Documents and Settings\Default User\Desktop
2007-08-24 02:41:52 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-08-24 02:41:52 0 d--h C:\Documents and Settings\All Users\Templates
2007-08-24 02:41:52 0 dr C:\Documents and Settings\All Users\Start Menu
2007-08-24 02:41:52 0 d C:\Documents and Settings\All Users\Favorites
2007-08-24 02:41:52 0 dr C:\Documents and Settings\All Users\Documents
2007-08-24 02:41:52 0 d C:\Documents and Settings\All Users\Desktop
2007-08-24 02:41:40 0 d C:\WINDOWS\System32\CatRoot2
2007-08-24 02:41:40 0 d C:\WINDOWS\System32\CatRoot
2007-08-24 02:41:35 0 dr-h C:\Documents and Settings\Default User\Application Data
2007-08-24 02:41:35 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-08-24 02:41:35 0 dr-h C:\Documents and Settings\All Users\Application Data
2007-08-24 02:41:35 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-08-24 02:41:21 0 d C:\Documents and Settings
2007-08-24 02:37:54 0 d C:\WINDOWS
2007-08-24 02:37:54 0 d C:\WINDOWS\WinSxS
2007-08-24 02:37:54 0 dr C:\WINDOWS\Web
2007-08-24 02:37:54 0 d C:\WINDOWS\twain_32
2007-08-24 02:37:54 0 d C:\WINDOWS\system32
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\wins
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\wbem
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\usmt
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\spool
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\ShellExt
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\Setup
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\ras
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\oobe
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\npp
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\mui
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\inetsrv
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\IME
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\icsxml
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\ias
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\export
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\drivers
2007-08-24 02:37:54 0 d C:\WINDOWS\System32\drivers\etc
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\drivers\disdn
2007-08-24 02:37:54 0 dr-hs--c- C:\WINDOWS\System32\dllcache
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\dhcp
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\config
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\3com_dmi
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\3076
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\2052
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\1054
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\1042
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\1041
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\1037
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\1033
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\1031
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\1028
2007-08-24 02:37:54 0 d
C:\WINDOWS\System32\1025
2007-08-24 02:37:54 0 d
C:\WINDOWS\system
2007-08-24 02:37:54 0 d
C:\WINDOWS\security
2007-08-24 02:37:54 0 d
C:\WINDOWS\Resources
2007-08-24 02:37:54 0 d
C:\WINDOWS\repair
2007-08-24 02:37:54 0 d
C:\WINDOWS\mui
2007-08-24 02:37:54 0 d
C:\WINDOWS\msapps
2007-08-24 02:37:54 0 d
C:\WINDOWS\msagent
2007-08-24 02:37:54 0 d
C:\WINDOWS\Media
2007-08-24 02:37:54 0 d
C:\WINDOWS\java
2007-08-24 02:37:54 0 d--h
C:\WINDOWS\inf
2007-08-24 02:37:54 0 d
C:\WINDOWS\ime
2007-08-24 02:37:54 0 d
C:\WINDOWS\Help
2007-08-24 02:37:54 0 dr--s---- C:\WINDOWS\Fonts
2007-08-24 02:37:54 0 d
C:\WINDOWS\Driver Cache
2007-08-24 02:37:54 0 d
C:\WINDOWS\Debug
2007-08-24 02:37:54 0 d
C:\WINDOWS\Cursors
2007-08-24 02:37:54 0 d
C:\WINDOWS\Connection Wizard
2007-08-24 02:37:54 0 d
C:\WINDOWS\Config
2007-08-24 02:37:54 0 d
C:\WINDOWS\AppPatch
2007-08-24 02:37:54 0 d
C:\WINDOWS\addins
2007-08-24 02:14:09 0 d
C:\Documents and Settings\CB SINGH\Application
Data\AdobeUM
2007-08-24 02:14:03 0 d
C:\Documents and Settings\CB SINGH\Application
Data\Adobe
2007-08-24 02:14:02 0 d
C:\Program Files\Common Files\Adobe
2007-08-24 01:11:30 0 d
C:\Program Files\HHVcdV5Sys
2007-08-24 01:11:29 0 d
C:\Program Files\Virtual CD v5
2007-08-24 01:04:57 0 d
C:\Documents and Settings\All Users\Application
Data\Adobe
2007-08-24 01:03:18 0 d
C:\WINDOWS\Cache
2007-08-23 23:58:49 0 d
C:\Documents and Settings\CB SINGH\Application
Data\Help
2007-08-23 23:27:37 0 d
C:\Documents and Settings\CB SINGH\Application
Data\Macromedia
2007-08-23 23:27:24 0 d---s---- C:\Documents and Settings\CB SINGH\UserData
2007-08-23 22:06:48 0 d
C:\Program Files\Microsoft ActiveSync
2007-08-23 22:05:50 0 d
C:\WINDOWS\ShellNew
2007-08-23 22:01:34 0 d
C:\Program Files\McAfee
2007-08-23 22:01:34 0 d
C:\Program Files\Common Files\Network Associates
2007-08-23 21:53:11 18004 -ra
C:\WINDOWS\System32\drivers\slnt.sys <Not Verified;
Silan Micro-Electronics Inc.; Silan Micro-Electronics Inc.>
2007-08-23 21:50:44 0 d
C:\Program Files\Realtek
2007-08-23 21:48:47 0 d---s---- C:\WINDOWS\System32\Microsoft
2007-08-23 21:47:58 0 d
C:\WINDOWS\OPTIONS
2007-08-23 21:47:01 0 d
C:\WINDOWS\Drivers
2007-08-23 21:45:56 266240 --a
C:\WINDOWS\CMIUninstall.exe <Not Verified; ;
GeneralUninstall Application>
2007-08-23 21:45:56 225280 --a
C:\WINDOWS\CmiRmRedundDir.exe <Not Verified; ;
CmiRmRedundDir Application>
2007-08-23 21:45:56 28672 --a
C:\WINDOWS\CMIRmDriver.dll
2007-08-23 21:45:56 0 d
C:\Program Files\C-Media 3D Audio
2007-08-23 21:45:38 306688 --a
C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield
Software Corporation; InstallShield® unInstaller>
2007-08-23 21:45:24 0 d
C:\Program Files\Intel
2007-08-23 21:45:04 0 d
C:\WINDOWS\System32\ReinstallBackups
2007-08-23 21:45:02 0 d--h
C:\Program Files\InstallShield Installation
Information
2007-08-23 21:44:53 0 d
C:\Program Files\Common Files\InstallShield
2007-08-23 21:44:37 5824 --a
C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
2007-08-23 21:44:12 0 d--hs---- C:\WINDOWS\Installer
2007-08-23 21:44:10 0 d
C:\Documents and Settings\CB SINGH\Application
Data\Identities
2007-08-23 21:44:01 0 d--h
C:\Documents and Settings\CB SINGH\Templates
2007-08-23 21:44:01 0 dr
C:\Documents and Settings\CB SINGH\Start Menu
2007-08-23 21:44:01 0 dr-h
C:\Documents and Settings\CB SINGH\SendTo
2007-08-23 21:44:01 0 dr-h
C:\Documents and Settings\CB SINGH\Recent
2007-08-23 21:44:01 0 d--h
C:\Documents and Settings\CB SINGH\PrintHood
2007-08-23 21:44:01 1835008 --ah
C:\Documents and Settings\CB SINGH\NTUSER.DAT
2007-08-23 21:44:01 0 d--h
C:\Documents and Settings\CB SINGH\NetHood
2007-08-23 21:44:01 0 dr
C:\Documents and Settings\CB SINGH\My Documents
2007-08-23 21:44:01 0 d--h
C:\Documents and Settings\CB SINGH\Local Settings
2007-08-23 21:44:01 0 dr
C:\Documents and Settings\CB SINGH\Favorites
2007-08-23 21:44:01 0 d
C:\Documents and Settings\CB SINGH\Desktop
2007-08-23 21:44:01 0 d---s---- C:\Documents and Settings\CB SINGH\Cookies
2007-08-23 21:44:01 0 dr-h
C:\Documents and Settings\CB SINGH\Application Data
2007-08-23 21:31:03 0 d--hs---- C:\System Volume Information
2007-08-23 21:30:54 0 d
C:\WINDOWS\Prefetch
2007-08-23 21:30:54 229376 --ah
C:\Documents and Settings\LocalService\NTUSER.DAT
2007-08-23 21:30:54 0 d--h
C:\Documents and Settings\LocalService\Local
Settings
2007-08-23 21:30:54 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-08-23 21:30:54 0 d
C:\Documents and Settings\LocalService\Application
Data
2007-08-23 21:30:54 0 d---s---- C:\Documents and Settings\LocalService\Application
Data\Microsoft
2007-08-23 21:30:53 229376 --ah
C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-08-23 21:30:53 0 d--h
C:\Documents and Settings\NetworkService\Local
Settings
2007-08-23 21:30:53 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-08-23 21:30:53 0 d
C:\Documents and Settings\NetworkService\Application
Data
2007-08-23 21:30:53 0 d---s---- C:\Documents and Settings\NetworkService\Application
Data\Microsoft
2007-08-23 21:27:32 0 d
C:\WINDOWS\System32\xircom
2007-08-23 21:27:32 0 d
C:\Program Files\microsoft frontpage
2007-08-23 21:27:22 229376 ---h
C:\Documents and Settings\Default User\NTUSER.DAT
2007-08-23 21:25:01 0 -rahs---- C:\MSDOS.SYS
2007-08-23 21:25:01 0 -rahs---- C:\IO.SYS
2007-08-23 21:25:01 0 --a
C:\CONFIG.SYS
2007-08-23 21:25:01 0 --a
C:\AUTOEXEC.BAT
2007-08-23 21:23:24 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-08-23 21:23:14 0 dr
C:\WINDOWS\Offline Web Pages
2007-08-23 21:23:14 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-08-23 21:22:49 0 d
C:\WINDOWS\System32\DirectX
2007-08-23 21:22:12 0 d---s---- C:\WINDOWS\Tasks
2007-08-23 21:22:10 0 d
C:\Program Files\Common Files\MSSoap
2007-08-23 21:22:06 0 d
C:\WINDOWS\System32\Macromed
2007-08-23 21:22:06 0 d
C:\WINDOWS\srchasst
2007-08-23 21:22:04 0 d
C:\Program Files\Movie Maker
2007-08-23 21:22:01 0 d
C:\WINDOWS\System32\Restore
2007-08-23 21:22:01 0 d
C:\WINDOWS\PCHealth
2007-08-23 21:21:25 21640 --a
C:\WINDOWS\System32\emptyregdb.dat
2007-08-23 21:21:13 0 d
C:\WINDOWS\Registration
2007-08-23 21:21:07 0 d--h
C:\Program Files\WindowsUpdate
2007-08-23 21:21:07 0 d
C:\Program Files\Online Services
2007-08-23 21:21:02 0 d
C:\Program Files\Messenger
2007-08-23 21:20:57 0 d
C:\Program Files\MSN Gaming Zone
2007-08-23 21:20:25 0 d
C:\Program Files\Windows NT
2007-08-23 21:20:23 0 d
C:\WINDOWS\System32\MsDtc
2007-08-23 21:20:23 0 d
C:\WINDOWS\System32\Com
-- Find3M Report
2007-08-27 12:46:34 133120 --a
C:\WINDOWS\System32\sfc_os.dll <Not Verified;
Microsoft Corporation; Microsoft® Windows® Operating System>
2007-08-24 02:41:52 62 --ahs---- C:\Documents and Settings\CB SINGH\Application
Data\desktop.ini
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
08/26/2007 05:10 PM 84992 --a
C:\WINDOWS\WebAssist.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" []
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" []
"McAfee Guardian"="C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe"
[01/29/2003 03:01 AM]
"VC5Player"="C:\Program Files\HHVcdV5Sys\VC5Play.exe" []
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/26/2007 01:04
AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee.InstantUpdate.Monitor"="C:\Program Files\McAfee\McAfee Shared Components\Instant
Updater\RuLaunch.exe" [05/23/2003 09:53 AM]
C:\Documents and Settings\CB SINGH\Start Menu\Programs\Startup\
MSWin-262856538.exe [8/27/2007 11:57:52 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04
AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} -
C:\WINDOWS\System32\Ceaiimhq.dll [08/27/2007 11:47 AM 6657]
-- End of Deckard's System Scanner: finished at 2007-08-29 20:58:35
======================================
DSS texts (extra.txt)
Deckard's System Scanner v20070826.66
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English
CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 71%
Physical Memory (total/avail): 246.79 MiB / 70.23 MiB
Pagefile Memory (total/avail): 606.2 MiB / 390.08 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.03 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 9.77 GiB total, 6.76 GiB free.
is Fixed (NTFS) - 10 GiB total, 7.13 GiB free.
E: is Fixed (NTFS) - 20 GiB total, 16 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - WDC WD800BB-22JHA0 - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 9.77 GiB - C:
\PARTITION1 - Installable File System - 10 GiB -
\PARTITION2 - Installable File System - 20 GiB - E:
-- Security Center
AUOptions is scheduled to auto-install.
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\CB SINGH\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CBSINGH
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\CB SINGH
LOGONSERVER=\\CBSINGH
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CBSING~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\CBSING~1\LOCALS~1\Temp
USERDOMAIN=CBSINGH
USERNAME=CB SINGH
USERPROFILE=C:\Documents and Settings\CB SINGH
windir=C:\WINDOWS
-- User Profiles
CB SINGH (admin)
Administrator (admin)
-- Add/Remove Programs
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132
C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe
-uninstallUnlock
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
HijackThis 2.0.0 --> "C:\Documents and Settings\CB SINGH\Desktop\HijackThis.exe" /uninstall
Intel(R) Extreme Graphics 2 Driver --> RUNDLL32.EXE
C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
McAfee Firewall --> MsiExec.exe /I{4471FF45-62BD-11D6-B259-00C04FF4B435}
McAfee VirusScan Home Edition --> MsiExec.exe /X{E4DC62CE-5F95-11D6-B254-00C04FF4B435}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe
/I{90280409-6000-11D3-8CFE-0050048383C9}
Nero 7 Essentials --> MsiExec.exe /I{E98D8E60-5FFD-4A39-A564-E7468ED31033}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe
RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI NIC Driver --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup
"C:\Program Files\InstallShield Installation
Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RTLSetup for Realtek RTL8139/810x Family NIC 3.00 --> RunDll32
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program
Files\InstallShield Installation
Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\Setup.exe" -l0x9 REMOVE
Virtual CD v5 --> MsiExec.exe /I{7F878808-B462-4A82-B956-452595F8B29A}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
-- Application Event Log
Event Record #/Type122 / Error
Event Submitted/Written: 08/29/2007 08:20:24 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr =
0x80040206.
Event Record #/Type121 / Error
Event Submitted/Written: 08/29/2007 08:20:24 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT
was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please
contact Microsoft Product Support Services to report this error.
Event Record #/Type119 / Error
Event Submitted/Written: 08/29/2007 08:19:05 PM
Event ID/Source: 8193 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr =
0x80040206.
Event Record #/Type118 / Error
Event Submitted/Written: 08/29/2007 08:19:05 PM
Event ID/Source: 4609 / EventSystem
Event Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT
was 8007043C from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please
contact Microsoft Product Support Services to report this error.
Event Record #/Type116 / Error
Event Submitted/Written: 08/29/2007 08:12:53 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application avp.exe, version 1.0.0.1, faulting module ntdll.dll, version
5.1.2600.1106, fault address 0x0000031b.
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event Record #/Type1202 / Error
Event Submitted/Written: 08/29/2007 08:38:46 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport
\Device\NetBT_Tcpip_{07B9B5FD-D792-452D-9F38-831953D3D316}.
The backup browser is stopping.
Event Record #/Type1201 / Warning
Event Submitted/Written: 08/29/2007 08:35:22 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\VINAY on the
network \Device\NetBT_Tcpip_{07B9B5FD-D792-452D-9F38-831953D3D316}.
The data is the error code.
Event Record #/Type1199 / Error
Event Submitted/Written: 08/29/2007 08:28:54 PM
Event ID/Source: 11 / PlugPlayManager
Event Description:
The device Root\LEGACY_RUNTIME\0000 disappeared from the system without first being prepared
for removal.
Event Record #/Type1181 / Error
Event Submitted/Written: 08/29/2007 08:25:50 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
runtime2
Event Record #/Type1176 / Error
Event Submitted/Written: 08/29/2007 08:24:55 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 000000d1, parameter1 fffffffc, parameter2 00000002, parameter3 00000000,
parameter4 f9421da6.
-- End of Deckard's System Scanner: finished at 2007-08-29 20:58:35
You should be very careful following somebody else's instructions, trip_3c.
Your PC is quite infected; do the following.
Please download FixWareout from here:
http://downloads.subratam.org/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads please post the text that will open (report.txt) and a new Hijackthis log
If you have internet connection problems then do the following :
Please go to Start -> Control Panel, and choose Network Connections. Then right click on your default connection, usually Local Area Connection or Dial-up Connection if you are using Dial-up, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio button that says Obtain DNS servers automatically. Click OK twice, and restart your computer.
1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
O16 - DPF: {10003000-1000-0000-1000-000000000000} () - ms-its:mhtml:file://C:\\foo.mht!http://85.255.118.43/data/on.chm::/on.exe
2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.
Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:
C:\WINDOWS\system32\MSWin-262856538.exe
Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
Please download OTMoveIt by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\Web\related.htm
C:\WINDOWS\WebAssist.dll
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At1.job
C:\nptlfp.exe
C:\j7q1c4v1i6s4.exe
C:\WINDOWS\System32\MailSpectre.exe
C:\WINDOWS\System32\drivers\smtpdrv.sys
C:\WINDOWS\System32\Ceaiimhq.dll
C:\45m.exe
C:\WINDOWS\_MSRSTRT.EXE
- Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
- Click the red Moveit! button.
- Close OTMoveIt
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")
Click "Exit" to close OTMoveIt.
So in your next reply I need to see the following: the FixWareout text, the OTMoveIt results, a new DSS log, the results of that file I asked you to scan, and tell me how your PC is running now and if you had any problems.
Well bro, thanks.
My system is working absolutely fine now.
I want to ask you another thing: what was there in these reports that drew your attention?
Moreover I want to learn about it.
Where to start from?
Thanks a lot...
Your PC will definitely still have some malware on it trip_3c
I'd suggest you post the reports I asked for and we continue on, your choice though.
Quote:
What was there in these reports that drew your attention? Moreover I want to learn about it.
Where to start from?
http://forum.piriform.com/lofiversion/index.php/t7929.html
-
The reports are as follows:
FixWareout text
Username "CB SINGH" - 08/30/2007 19:53:44 [Fixwareout edited 2007/07/05]
»»»»»Prerun check
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.20 85.255.112.175" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{1FCB3570-DF17-473A-ACE2-F3737B42AAD8}
"DhcpNameServer"="85.255.114.20,85.255.112.175" <Value cleared.
Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.
»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "0mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls "1mdm" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}46E310310101-2A9B-2F64-13CC-7DB52124{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}5F7CF5CE84D0-1E39-7A04-6A69-96DE2A61{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}A5D1D6811008-B64A-D564-894D-117225F5{" Deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\_r "}B4F145E6A689-E5AB-46D4-5D16-437F25B6{" Deleted
C:\WINDOWS\System32\nfxam.exe Deleted
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"McAfee Guardian"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Guardian\\CMGrdian.exe\" /SU"
"VC5Player"="C:\\Program Files\\HHVcdV5Sys\\VC5Play.exe"
"NWEReboot"=""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee.InstantUpdate.Monitor"="\"C:\\Program Files\\McAfee\\McAfee Shared Components\\Instant Updater\\RuLaunch.exe\" /STARTMONITOR"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
======================================================
OTMoveIt results
C:\WINDOWS\Web\related.htm moved successfully.
File/Folder C:\WINDOWS\WebAssist.dll not found.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\nptlfp.exe moved successfully.
C:\j7q1c4v1i6s4.exe moved successfully.
C:\WINDOWS\System32\MailSpectre.exe moved successfully.
C:\WINDOWS\System32\drivers\smtpdrv.sys moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\Ceaiimhq.dll
C:\WINDOWS\System32\Ceaiimhq.dll NOT unregistered.
C:\WINDOWS\System32\Ceaiimhq.dll moved successfully.
C:\45m.exe moved successfully.
C:\WINDOWS\_MSRSTRT.EXE moved successfully.
Created on 08/30/2007 20:09:29
=========================================================
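The question of what in these reports drew the helper's attention can be answered by writing the indicators down as checks. The script below is an added example, not a tool from this thread and not part of DSS, HijackThis or FixWareout: it reads log lines in the shapes seen above and reports the things the helper acted on, namely public DNS resolvers in Tcpip\Parameters (the 85.255.x.x values the FixWareout prerun check cleared), a DLL outside a known baseline in ShellServiceObjectDelayLoad, an O16 DPF entry that fetches an executable through ms-its:/mhtml: from an IP-literal URL, At*.job scheduled tasks created with at.exe, and a bare .exe dropped into a Startup folder. The sample log it runs on is constructed from those shapes (the all-zero CLSID is a placeholder for a baseline SSODL entry), and EXPECTED_RESOLVERS and SSODL_BASELINE are assumptions you would adjust to your own machine.

```python
"""Indicator checks for DSS / HijackThis / FixWareout style log text.

Added example for this thread, not a tool from it. The resolver allowlist
and the SSODL baseline are assumptions; the sample log is constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


# Assumption: resolvers this machine is expected to use (LAN router, ISP).
# Public addresses not listed here are reported as a possible DNS hijack.
EXPECTED_RESOLVERS = {"192.168.1.1"}
# Assumption: DLLs a clean XP ShellServiceObjectDelayLoad key points at.
SSODL_BASELINE = {"shell32.dll", "stobject.dll", "webcheck.dll", "browseui.dll"}

NAMESERVER_RE = re.compile(r'^"(?:NameServer|DhcpNameServer)"="([^"]*)"', re.I)
SSODL_RE = re.compile(r'^"([^"]+)"=\s*\{[0-9A-Fa-f-]{36}\}\s*-\s*(\S+\.dll)', re.I)
DPF_RE = re.compile(r'^O16 - DPF:\s*\{[^}]*\}\s*\([^)]*\)\s*-\s*(\S+)$')
AT_JOB_RE = re.compile(r'\\Tasks\\(At\d+\.job)$', re.I)
STARTUP_DIR_RE = re.compile(r'\\Startup\\$', re.I)
STARTUP_EXE_RE = re.compile(r'^([^\\\s]+\.exe)\b', re.I)   # bare exe, no path
IP_URL_RE = re.compile(r'https?://\d{1,3}(?:\.\d{1,3}){3}', re.I)

# Constructed sample in the shape of the DSS registry dump, the FixWareout
# prerun check, a HijackThis O16 line and the DSS file listing.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\webcheck.dll
"Internet Explorer"= {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\System32\Ceaiimhq.dll [08/27/2007 11:47 AM 6657]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.20 85.255.112.175"
"DhcpNameServer"="192.168.1.1"
O16 - DPF: {10003000-1000-0000-1000-000000000000} () - ms-its:mhtml:file://C:\\foo.mht!http://85.255.118.43/data/on.chm::/on.exe
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At1.job
C:\Documents and Settings\CB SINGH\Start Menu\Programs\Startup\
MSWin-262856538.exe [8/27/2007 11:57:52 AM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""


def rogue_resolvers(value: str) -> List[str]:
    """Addresses in a NameServer value that are neither private nor expected."""
    rogue = []
    for tok in re.split(r"[ ,]+", value.strip()):
        if not tok:
            continue
        try:
            ip = ipaddress.ip_address(tok)
        except ValueError:
            rogue.append(tok)  # not an address at all: still worth a look
            continue
        if ip.is_private or ip.is_loopback or tok in EXPECTED_RESOLVERS:
            continue
        rogue.append(tok)
    return rogue


def triage(text: str) -> List[Finding]:
    """Scan log lines and return the indicators found, in log order."""
    findings: List[Finding] = []
    section = ""          # last registry key header seen, lower-cased
    in_startup = False    # currently inside a Startup folder listing
    at_jobs: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("--"):
            in_startup = False
            continue
        if line.startswith("[") or line.upper().startswith("HKEY_"):
            section = line.strip("[]").lower()
            in_startup = False
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            for ip in rogue_resolvers(m.group(1)):
                findings.append(Finding("dns_hijack", "resolver " + ip + " in Tcpip\\Parameters"))
            continue
        if section.endswith("shellserviceobjectdelayload"):
            m = SSODL_RE.match(line)
            if m and m.group(2).rsplit("\\", 1)[-1].lower() not in SSODL_BASELINE:
                findings.append(Finding("ssodl_persist", m.group(1) + " -> " + m.group(2)))
                continue
        m = DPF_RE.match(line)
        if m:
            target = m.group(1)
            if target.lower().startswith(("ms-its:", "mhtml:")) or IP_URL_RE.search(target):
                findings.append(Finding("dpf_download", target))
            continue
        m = AT_JOB_RE.search(line)
        if m:
            at_jobs.append(m.group(1))
            continue
        if STARTUP_DIR_RE.search(line):
            in_startup = True
            continue
        if in_startup:
            m = STARTUP_EXE_RE.match(line)
            if m:
                findings.append(Finding("startup_exe", m.group(1)))
    if at_jobs:
        findings.append(Finding("at_jobs", str(len(at_jobs)) + " at.exe tasks: " + ", ".join(at_jobs)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.kind.ljust(14), f.detail)
```

Run it as-is to see the findings for the constructed sample, or pass the text of a saved DSS main.txt or HijackThis log to triage(). A clean result from this script is not proof of a clean machine; it only covers the DNS and persistence indicators this thread shows, which is why the helper still asks for a fresh log after the fixes.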
Can you please post a new DSS log as well?
-
According to your last post, you didn't ask me to execute DSS.
Anyway, it's there in my previous mail, i.e. on 29-08-2007, 18:11.
Thanks
Hard to keep track of things
I need you to run it again; I need to see a new log.