My Computer Is Packed With Malware!


  • This topic is locked
38 replies to this topic

#1 bizzysurfer007

bizzysurfer007

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Delhi
  • Local time:07:51 AM

Posted 14 May 2007 - 11:35 AM

I am mainly troubled with the virus eraseme. I have AVG installed. Can anybody help?
Logfile of HijackThis v1.99.1
Scan saved at 22:00:54, on 14/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\GetRight\GetRight.exe
C:\WINDOWS\TEMP\eraseme_85861.exe
c:\msetus.exe
C:\WINDOWS\TEMP\eraseme_56721.exe
C:\WINDOWS\TEMP\eraseme_86206.exe
c:\msetus.exe
c:\msetus.exe
c:\bsys.exe
C:\WINDOWS\TEMP\eraseme_08267.exe
c:\msetus.exe
C:\WINDOWS\TEMP\eraseme_57885.exe
c:\msetus.exe
C:\WINDOWS\TEMP\eraseme_16233.exe
C:\WINDOWS\TEMP\eraseme_41367.exe
C:\WINDOWS\TEMP\eraseme_43658.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svshost.exe
C:\WINDOWS\system32\svshost.exe
C:\WINDOWS\system32\svshost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [MSConfig]
O4 - HKLM\..\Run: [WindowsUpdate]
O4 - HKLM\..\Run: [,realset]
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{C428BC27-897C-400A-ACA1-9BD28992785B}: NameServer = 172.16.2.1
O20 - AppInit_DLLs: C:\WINDOWS\System32\perfc000.dat
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: Remote Storage Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: Shell Code Services - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: Window Configs Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe



#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:03:21 AM

Posted 14 May 2007 - 12:32 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Open the extracted SDFix folder and double click runThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
Press any key and it will restart the PC.
When the PC restarts, the fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
(Report.txt will also be copied to Clipboard ready for posting back on the forum.)
Post this in your next reply, along with a new HijackThis log.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 bizzysurfer007


Posted 14 May 2007 - 06:19 PM

Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 04:45:25, on 15/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [,realset] $$
O4 - HKLM\..\Run: [!AVG Anti-Spyware] $$
O4 - HKLM\..\Run: [SConfig] $$
O4 - HKLM\..\Run: [indowsUpdate] $$
O4 - HKLM\..\Run: [realset] $$
O4 - HKLM\..\Run: [AVG Anti-Spyware] $$
O4 - HKLM\..\Run: [UserFaultCheck] $$
O4 - HKLM\..\Run: [$$] $$
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{C428BC27-897C-400A-ACA1-9BD28992785B}: NameServer = 172.16.2.1
O20 - AppInit_DLLs: C:\WINDOWS\System32\perfc000.dat
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: Remote Storage Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Shell Code Services - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)
O23 - Service: Web Client Supply - Unknown owner - C:\WINDOWS\system32\svshost.exe (file missing)

SDFix Report:

SDFix: Version 1.84

Run by Administrator - 15/05/2007 - 4:31:39.67

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\102544~1 - Deleted
C:\WINDOWS\SYSTEM32\SETUP_~2.EXE - Deleted
C:\WINDOWS\SYSTEM32\ERAC02~1.EXE - Deleted
C:\WINDOWS\SYSTEM32\ERA80C~1.EXE - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\setup_18516.exe - Deleted
C:\WINDOWS\system32\svshost.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted



Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\\windows\\system32\\winlogin3.exe"="c:\\windows\\system32\\winlogin3.exe:*:Enabled:winlogin3"


Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\COMMAND.COM
C:\WINDOWS\system32\sstqr.dll
C:\WINDOWS\system32\qrutv.tmp
C:\WINDOWS\system32\ijkkj.tmp
C:\WINDOWS\system32\utvwa.tmp
C:\WINDOWS\system32\rqtss.tmp

Finished

#4 rookie147


Posted 15 May 2007 - 01:56 AM

Hello again, before we start with the fixing I'd like one more log.
Please download ATF Cleaner to your Desktop.
Don't run it yet.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Double click ATF-Cleaner.exe to run the program.
Under Main choose Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
Note: If you would like to keep your saved passwords, please click "No" at the prompt.

Click Exit on the main menu to close the program.

Boot back into Normal Mode again.

Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Please include the ComboFix log, along with a new HijackThis log in your next post.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 bizzysurfer007


Posted 18 May 2007 - 11:01 AM

ComboFix 07-05.17.6.V - Running from: "C:\Downloads\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\xjqqhjio.ini
C:\WINDOWS\system32\aswcijsv.ini
C:\WINDOWS\system32\yhftrkqu.ini
C:\WINDOWS\system32\fahgdkhw.ini
C:\WINDOWS\system32\rqtss.ini2
C:\WINDOWS\system32\rqtss.bak2
C:\WINDOWS\system32\rqtss.tmp
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\rqtss.bak1
C:\WINDOWS\system32\lwqroclh.ini
C:\WINDOWS\system32\iifdbaw.dll
C:\WINDOWS\system32\sstqr.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vbzip11.dll
C:\WINDOWS\system32\helper.sys


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPRIP
-------\Iprip


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-18 ))))))))))))))))))))))))))))))))))


2007-05-18 18:56 66,826 --a------ C:\WINDOWS\system32\eraseme_86683.exe
2007-05-15 23:01 66,826 --a------ C:\WINDOWS\system32\setup_81170.exe
2007-05-15 22:49 66,826 --------- C:\WINDOWS\system32\svshost.exe
2007-05-15 05:50 786,622 --a------ C:\SDFix.exe
2007-05-15 02:31 8,456 --a------ C:\bsys.exe
2007-05-15 02:31 4,344 --a------ C:\nzlrs.exe
2007-05-15 02:30 6,724 --a------ C:\msetus.exe
2007-05-15 02:30 6,656 --a------ C:\nzcv.exe
2007-05-14 22:37 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-05-14 17:49 <DIR> d-------- C:\Program Files\Capitalism II Demo
2007-05-13 23:42 4,344 --a------ C:\mss.exe
2007-05-13 22:34 4,296 --a------ C:\ph2.exe
2007-05-13 09:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PopCap
2007-05-13 09:51 <DIR> d-------- C:\Program Files\PopCap Games
2007-05-13 08:01 <DIR> d-------- C:\Program Files\Capitalism 2
2007-05-12 16:16 <DIR> d-------- C:\DOCUME~1\CHETAN~1\APPLIC~1\Help
2007-05-09 21:43 1 --a------ C:\WINDOWS\system32\ps.dat
2007-05-09 21:43 1 --a------ C:\WINDOWS\system32\cookie.dat
2007-05-08 01:19 7,089 ---hs---- C:\WINDOWS\system32\utvwa.ini2
2007-05-06 07:50 <DIR> d-------- C:\Program Files\mIRC
2007-05-06 06:41 <DIR> d-------- C:\openkore
2007-05-04 06:26 <DIR> d-------- C:\cfmtemp
2007-04-27 03:28 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-04-27 00:11 613,344 ---hs---- C:\WINDOWS\system32\utvwa.bak2
2007-04-25 22:04 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-04-25 22:04 <DIR> d-------- C:\DOCUME~1\CHETAN~1\APPLIC~1\MegauploadToolbar
2007-04-25 21:59 <DIR> d-------- C:\Downloads
2007-04-25 21:39 <DIR> d-------- C:\WINDOWS\pss
2007-04-22 22:53 613,604 ---hs---- C:\WINDOWS\system32\utvwa.bak1
2007-04-22 20:42 577,536 --a------ C:\WINDOWS\system32\igfxres.dll
2007-04-22 20:33 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2007-04-22 20:33 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2007-04-22 20:33 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2007-04-22 20:33 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2007-04-22 20:33 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2007-04-22 20:33 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2007-04-22 20:33 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2007-04-22 20:33 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2007-04-22 20:33 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2007-04-22 20:32 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2007-04-22 20:32 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2007-04-22 20:32 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-04-22 20:32 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2007-04-22 20:32 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2007-04-22 20:32 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2007-04-22 20:32 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2007-04-22 20:32 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2007-04-22 20:32 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2007-04-22 20:32 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2007-04-22 20:32 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2007-04-22 20:32 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2007-04-22 20:32 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2007-04-22 20:32 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2007-04-22 20:32 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2007-04-22 20:32 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2007-04-22 20:32 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2007-04-22 20:32 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2007-04-22 20:29 258,048 --------- C:\WINDOWS\system32\shpshftr.dll
2007-04-22 20:29 <DIR> d-------- C:\Dx
2007-04-22 20:27 98,304 --a------ C:\WINDOWS\system32\igfxhk.dll
2007-04-22 20:27 90,112 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-04-22 20:27 86,016 --a------ C:\WINDOWS\system32\igfxdo.dll
2007-04-22 20:27 702,845 --a------ C:\WINDOWS\system32\i81xdnt5.dll
2007-04-22 20:27 4,255 --a------ C:\WINDOWS\system32\drivers\adv01nt5.dll
2007-04-22 20:27 393,216 --a------ C:\WINDOWS\system32\igfxcfg.exe
2007-04-22 20:27 372,736 --a------ C:\WINDOWS\system32\i81xgdev.dll
2007-04-22 20:27 33,599 --a------ C:\WINDOWS\system32\drivers\wATV04nt.sys
2007-04-22 20:27 3,967 --a------ C:\WINDOWS\system32\drivers\adv02nt5.dll
2007-04-22 20:27 3,901 --a------ C:\WINDOWS\system32\drivers\SiInt5.dll
2007-04-22 20:27 3,775 --a------ C:\WINDOWS\system32\drivers\adv11nt5.dll
2007-04-22 20:27 3,711 --a------ C:\WINDOWS\system32\drivers\adv09nt5.dll
2007-04-22 20:27 3,647 --a------ C:\WINDOWS\system32\drivers\adv07nt5.dll
2007-04-22 20:27 3,615 --a------ C:\WINDOWS\system32\drivers\adv05nt5.dll
2007-04-22 20:27 3,135 --a------ C:\WINDOWS\system32\drivers\adv08nt5.dll
2007-04-22 20:27 29,311 --a------ C:\WINDOWS\system32\drivers\wATV01nt.sys
2007-04-22 20:27 28,672 --a------ C:\WINDOWS\system32\igfxdgps.dll
2007-04-22 20:27 274,432 --a------ C:\WINDOWS\system32\igfxsrvc.dll
2007-04-22 20:27 25,471 --a------ C:\WINDOWS\system32\drivers\wATV10nt.sys
2007-04-22 20:27 25,471 --a------ C:\WINDOWS\system32\drivers\atv04nt5.dll
2007-04-22 20:27 23,615 --a------ C:\WINDOWS\system32\drivers\wCh7xxNT.sys
2007-04-22 20:27 22,271 --a------ C:\WINDOWS\system32\drivers\wATV06nt.sys
2007-04-22 20:27 217,088 --a------ C:\WINDOWS\system32\igfxeud.dll
2007-04-22 20:27 21,183 --a------ C:\WINDOWS\system32\drivers\atv01nt5.dll
2007-04-22 20:27 19,551 --a------ C:\WINDOWS\system32\drivers\wATV02NT.sys
2007-04-22 20:27 19,455 --a------ C:\WINDOWS\system32\drivers\wVchNTxx.sys
2007-04-22 20:27 184,320 --a------ C:\WINDOWS\system32\igfxpph.dll
2007-04-22 20:27 17,279 --a------ C:\WINDOWS\system32\drivers\atv10nt5.dll
2007-04-22 20:27 161,020 --a------ C:\WINDOWS\system32\drivers\i81xnt5.sys
2007-04-22 20:27 151,552 --a------ C:\WINDOWS\system32\igfxdiag.exe
2007-04-22 20:27 15,423 --a------ C:\WINDOWS\system32\drivers\Ch7xxNT5.dll
2007-04-22 20:27 143,360 --a------ C:\WINDOWS\system32\igfxtray.exe
2007-04-22 20:27 14,143 --a------ C:\WINDOWS\system32\drivers\atv06nt5.dll
2007-04-22 20:27 126,976 --a------ C:\WINDOWS\system32\igfxdev.dll
2007-04-22 20:27 12,415 --a------ C:\WINDOWS\system32\drivers\wADV01nt.sys
2007-04-22 20:27 12,351 --a------ C:\WINDOWS\system32\i81xcoin.dll
2007-04-22 20:27 12,127 --a------ C:\WINDOWS\system32\drivers\wADV02NT.sys
2007-04-22 20:27 12,063 --a------ C:\WINDOWS\system32\drivers\wSiINTxx.sys
2007-04-22 20:27 114,688 --a------ C:\WINDOWS\system32\hccutils.dll
2007-04-22 20:27 11,935 --a------ C:\WINDOWS\system32\drivers\wADV11NT.sys
2007-04-22 20:27 11,871 --a------ C:\WINDOWS\system32\drivers\wADV09NT.sys
2007-04-22 20:27 11,807 --a------ C:\WINDOWS\system32\drivers\wADV07nt.sys
2007-04-22 20:27 11,775 --a------ C:\WINDOWS\system32\drivers\wADV05NT.sys
2007-04-22 20:27 11,359 --a------ C:\WINDOWS\system32\drivers\atv02nt5.dll
2007-04-22 20:27 11,325 --a------ C:\WINDOWS\system32\drivers\Vchnt5.dll
2007-04-22 20:27 11,295 --a------ C:\WINDOWS\system32\drivers\wADV08NT.sys
2007-04-22 20:27 1,777,664 --a------ C:\WINDOWS\system32\i81xgicd.dll
2007-04-22 20:19 500,264 ---hs---- C:\WINDOWS\system32\qrutv.ini2
2007-04-22 19:40 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-04-22 19:39 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-22 19:39 <DIR> d-------- C:\WINDOWS\Drivers
2007-04-22 19:34 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2007-04-22 19:31 <DIR> d-------- C:\DOCUME~1\CHETAN~1\APPLIC~1\SystemRequirementsLab
2007-04-22 18:29 494,925 ---hs---- C:\WINDOWS\system32\qrutv.bak1
2007-04-22 15:51 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-04-21 16:38 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-04-21 16:36 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll
2007-04-21 16:36 76,800 --a------ C:\WINDOWS\system32\dmscript.dll
2007-04-21 16:36 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll
2007-04-21 16:36 7,424 --a------ C:\WINDOWS\system32\drivers\mskssrv.sys
2007-04-21 16:36 667,648 --a------ C:\WINDOWS\system32\dinput8.dll
2007-04-21 16:36 64,512 --a------ C:\WINDOWS\system32\amstream.dll
2007-04-21 16:36 590,336 --a------ C:\WINDOWS\system32\d3dramp.dll
2007-04-21 16:36 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll
2007-04-21 16:36 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
2007-04-21 16:36 5,248 --a------ C:\WINDOWS\system32\drivers\mspclock.sys
2007-04-21 16:36 47,616 --a------ C:\WINDOWS\system32\d3dxof.dll
2007-04-21 16:36 436,224 --a------ C:\WINDOWS\system32\d3dim.dll
2007-04-21 16:36 4,608 --a------ C:\WINDOWS\system32\drivers\mspqm.sys
2007-04-21 16:36 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2007-04-21 16:36 4,096 --a------ C:\WINDOWS\system32\drivers\swenum.sys
2007-04-21 16:36 350,208 --a------ C:\WINDOWS\system32\d3drm.dll
2007-04-21 16:36 34,816 --a------ C:\WINDOWS\system32\d3dpmesh.dll
2007-04-21 16:36 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll
2007-04-21 16:36 33,280 --a------ C:\WINDOWS\system32\dmloader.dll
2007-04-21 16:36 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll
2007-04-21 16:36 27,136 --a------ C:\WINDOWS\system32\dmband.dll
2007-04-21 16:36 257,024 --a------ C:\WINDOWS\system32\qcap.dll
2007-04-21 16:36 18,944 --a------ C:\WINDOWS\system32\encapi.dll
2007-04-21 16:36 18,432 --a------ C:\WINDOWS\system32\dswave.dll
2007-04-21 16:36 173,056 --a------ C:\WINDOWS\system32\qasf.dll
2007-04-21 16:36 132,608 --a------ C:\WINDOWS\system32\devenum.dll
2007-04-21 16:36 130,304 --a------ C:\WINDOWS\system32\drivers\ks.sys
2007-04-21 16:36 13,312 --a------ C:\WINDOWS\system32\msdmo.dll
2007-04-21 16:36 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll
2007-04-21 16:36 10,496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys
2007-04-21 16:36 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll
2007-04-21 16:36 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll
2007-04-21 16:35 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe
2007-04-21 16:35 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll
2007-04-21 16:35 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll
2007-04-21 16:35 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll
2007-04-21 16:35 723,968 --a------ C:\WINDOWS\system32\dpnet.dll
2007-04-21 16:35 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll
2007-04-21 16:35 648,704 --a------ C:\WINDOWS\system32\dinput.dll
2007-04-21 16:35 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll
2007-04-21 16:35 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll
2007-04-21 16:35 467,968 --a------ C:\WINDOWS\system32\diactfrm.dll
2007-04-21 16:35 44,032 --a------ C:\WINDOWS\system32\dimap.dll
2007-04-21 16:35 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll
2007-04-21 16:35 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll
2007-04-21 16:35 31,744 --a------ C:\WINDOWS\system32\pid.dll
2007-04-21 16:35 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll
2007-04-21 16:35 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll
2007-04-21 16:35 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe
2007-04-21 16:35 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll
2007-04-21 16:35 223,232 --a------ C:\WINDOWS\system32\gcdef.dll
2007-04-21 16:35 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll
2007-04-21 16:35 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll
2007-04-21 16:35 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe
2007-04-21 16:35 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll
2007-04-21 16:35 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll
2007-04-21 16:35 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll
2007-04-21 08:23 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-04-21 08:21 <DIR> d-------- C:\WINDOWS\ShellNew
2007-04-20 21:21 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-04-20 21:21 <DIR> d-------- C:\Program Files\cfecrypt_decrypt
2007-04-20 07:27 480,789 ---hs---- C:\WINDOWS\system32\ijkkj.ini2
2007-04-19 22:29 <DIR> d-------- C:\DOCUME~1\CHETAN~1\APPLIC~1\Locktime
2007-04-19 22:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Locktime


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-14 11:41:42 463 ----a-w C:\CONFIG.DAT
2007-04-22 11:52:26 469,331 --sh--w C:\WINDOWS\system32\ijkkj.bak1
2007-04-22 11:52:12 469,118 --sh--w C:\WINDOWS\system32\ijkkj.bak2
2007-04-15 05:39:42 -------- d-----w C:\DOCUME~1\CHETAN~1\APPLIC~1\OZ Intermedia
2007-04-12 01:30:02 44,989 ----a-w C:\WINDOWS\War3Unin.dat
2007-04-12 01:29:56 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2007-04-12 01:29:56 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2007-04-11 18:29:22 49,152 ----a-w C:\WINDOWS\system32\cfperfmon_mx.dll
2007-04-11 16:00:20 21 ---ha-w C:\qpmd8378.bin
2007-04-11 15:54:34 -------- d--h--w C:\Program Files\Zero G Registry
2007-04-11 15:36:30 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-08 10:18:14 -------- d-----w C:\DOCUME~1\CHETAN~1\APPLIC~1\uTorrent
2007-04-08 08:14:42 -------- d-----w C:\DOCUME~1\CHETAN~1\APPLIC~1\WinRAR
2007-04-08 07:50:04 -------- d-----w C:\Program Files\Warcraft III
2007-04-08 02:10:42 1,289 ----a-w C:\WINDOWS\mozver.dat
2007-04-07 15:52:26 -------- d-----w C:\DOCUME~1\CHETAN~1\APPLIC~1\Talkback
2007-04-07 15:38:14 0 ----a-w C:\WINDOWS\nsreg.dat
2007-04-07 14:31:50 -------- d-----w C:\Program Files\GetRight
2007-04-07 14:30:50 -------- d-----w C:\Program Files\Google
2007-04-07 14:24:42 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-04-07 14:24:42 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-04-06 07:44:36 -------- d-----w C:\Program Files\Easy
2007-04-06 03:29:22 -------- d-----w C:\Program Files\microsoft frontpage
2007-04-06 03:28:36 0 ----a-w C:\CONFIG.SYS
2007-04-06 03:28:36 0 ----a-w C:\AUTOEXEC.BAT
2007-04-06 03:25:40 -------- d-----w C:\Program Files\Movie Maker
2007-04-06 03:24:40 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-04-06 03:23:28 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-04-06 03:23:02 -------- d--h--w C:\Program Files\WindowsUpdate
2007-04-06 03:23:02 -------- d-----w C:\Program Files\Online Services
2007-04-06 03:22:50 -------- d-----w C:\Program Files\Messenger
2007-04-06 03:22:32 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-04-06 03:22:14 -------- d-----w C:\Program Files\Windows NT
2007-04-06 03:09:32 -------- d-----w C:\Program Files\Common Files\ODBC
2007-04-06 03:09:28 -------- d-----w C:\Program Files\Common Files\SpeechEngines


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8}=C:\Program Files\GetRight\xx2gr.dll [2007-01-04 23:57]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 12:25]
{5142FE17-20E6-4121-A925-A4C6385CDDAA}=C:\WINDOWS\system32\rem.dll []
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll [2006-12-15 03:23]
{EC3C9242-9DD2-4933-AAB9-48DFA5C20752}=C:\WINDOWS\System32\awvtu.dll []
{F901B4B7-0FD8-45A0-98A4-0B146DDCD207}=C:\WINDOWS\System32\jkfrswas.dll []


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SConfig"="$$" []
"indowsUpdate"="$$" []
"realset"="$$" []
"AVG Anti-Spyware"="$$" []
"UserFaultCheck"="$$" []
"$$"="$$" []
"WindowsUpdate"="$$" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="$$"
"AVG7_Run"="$$"
"TFMON.EXE"="$$"
"VG7_Run"="$$"
"FMON.EXE"="$$"
"G7_Run"="$$"
"MON.EXE"="$$"
"7_Run"="$$"
"mage Name"="$$"
"ID"="$$"
"ession Name"="$$"
"ession#"="$$"
"em Usage"="$$"
"ystem Idle Process"="$$"
"0 K"="$$"
"ystem"="$$"
"16 K"="$$"
"MSS.EXE"="$$"
"48"="$$"
"48 K"="$$"
"SRSS.EXE"="$$"
"04"="$$"
",964 K"="$$"
"INLOGON.EXE"="$$"
"28"="$$"
",184 K"="$$"
"ERVICES.EXE"="$$"
"72"="$$"
",764 K"="$$"
"SASS.EXE"="$$"
"84"="$$"
",828 K"="$$"
"VCHOST.EXE"="$$"
",404 K"="$$"
"96"="$$"
"1,776 K"="$$"
"76"="$$"
",692 K"="$$"
"92"="$$"
",800 K"="$$"
"POOLSV.EXE"="$$"
"252"="$$"
",604 K"="$$"
"XPLORER.EXE"="$$"
"276"="$$"
"2,772 K"="$$"
"emoteCtl.exe"="$$"
"488"="$$"
",308 K"="$$"
"VGEMC.EXE"="$$"
"612"="$$"
",048 K"="$$"
"ASKMGR.EXE"="$$"
"772"="$$"
",544 K"="$$"
"NETINFO.EXE"="$$"
"876"="$$"
",968 K"="$$"
"VSHOST.EXE"="$$"
"988"="$$"
",592 K"="$$"
"036"="$$"
",688 K"="$$"
",424 K"="$$"
"setus.exe"="$$"
"360"="$$"
"156"="$$"
",868 K"="$$"
"192"="$$"
",776 K"="$$"
"zch.exe"="$$"
"640"="$$"
",248 K"="$$"
"zlrs.exe"="$$"
"696"="$$"
",068 K"="$$"
"MD.EXE"="$$"
"712"="$$"
",032 K"="$$"
"732"="$$"
"egedit.exe"="$$"
"748"="$$"
",116 K"="$$"
"sys.exe"="$$"
"756"="$$"
",128 K"="$$"
"764"="$$"
"784"="$$"
",088 K"="$$"
"000"="$$"
",020 K"="$$"
"asklist.exe"="$$"
"016"="$$"
",372 K"="$$"
"miprvse.exe"="$$"
"108"="$$"
",696 K"="$$"
"$$"="$$"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtu]
C:\WINDOWS\System32\awvtu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcdcby]
efcdcby.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyabx]
efcyabx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fcccbyw]
fcccbyw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkji]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkklih

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljihef]
mljihef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommmnk]
qommmnk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturq]
wlnotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\,realset]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoData]
rundll32.exe "C:\WINDOWS\System32\whkdghaf.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundService]
rundll32.exe "C:\WINDOWS\System32\vsjicwsa.dll",setvm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsService]
rundll32.exe "C:\WINDOWS\System32\lmhmjdne.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsUpdate]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-18 21:22:15
Windows 5.1.2600 FAT

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\controlset001\Services\ColdFusion MX 7 Search Server]
"ImagePath"="\"C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe\" -cfg \"C:\CFusionMX7\verity\k2\common\verity.cfg\" -ntstart 1"

Completion time: 2007-05-18 21:23:24 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-18 21:23


--- E O F ---

HIJACKTHIS LOG FILE
Logfile of HijackThis v1.99.1
Scan saved at 21:25:23, on 18/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\svshost.exe
C:\WINDOWS\system32\svshost.exe
C:\WINDOWS\system32\svshost.exe
C:\WINDOWS\system32\notepad.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Helper Class - {5142FE17-20E6-4121-A925-A4C6385CDDAA} - C:\WINDOWS\system32\rem.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {D47B2620-E9FF-4939-AEE6-E43A3DA2418A} - (no file)
O2 - BHO: (no name) - {EC3C9242-9DD2-4933-AAB9-48DFA5C20752} - C:\WINDOWS\System32\awvtu.dll (file missing)
O2 - BHO: (no name) - {F901B4B7-0FD8-45A0-98A4-0B146DDCD207} - C:\WINDOWS\System32\jkfrswas.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [,realset] $$
O4 - HKLM\..\Run: [SConfig] $$
O4 - HKLM\..\Run: [indowsUpdate] $$
O4 - HKLM\..\Run: [realset] $$
O4 - HKLM\..\Run: [AVG Anti-Spyware] $$
O4 - HKLM\..\Run: [UserFaultCheck] $$
O4 - HKLM\..\Run: [$$] $$
O4 - HKLM\..\Run: [WindowsUpdate] $$
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C428BC27-897C-400A-ACA1-9BD28992785B}: NameServer = 172.16.2.1
O20 - Winlogon Notify: awvtu - C:\WINDOWS\System32\awvtu.dll (file missing)
O20 - Winlogon Notify: efcdcby - efcdcby.dll (file missing)
O20 - Winlogon Notify: efcyabx - efcyabx.dll (file missing)
O20 - Winlogon Notify: fcccbyw - fcccbyw.dll (file missing)
O20 - Winlogon Notify: jkkji - C:\WINDOWS\
O20 - Winlogon Notify: jkkklih - jkkklih.dll (file missing)
O20 - Winlogon Notify: mljihef - mljihef.dll (file missing)
O20 - Winlogon Notify: qommmnk - qommmnk.dll (file missing)
O20 - Winlogon Notify: vturq - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: Remote Storage Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: Shell Code Services - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: Windows Monitor Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe

#6 bizzysurfer007

Posted 18 May 2007 - 11:23 AM

The eraseme files were still there after the scan of ComboFix.

#7 rookie147

Posted 18 May 2007 - 11:46 AM

Try manually navigating to C:\Temp and deleting all of the files inside (in Safe Mode).

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#8 bizzysurfer007

Posted 18 May 2007 - 11:49 AM

Should I do the VundoFix scan in Safe Mode?

#9 bizzysurfer007

Posted 18 May 2007 - 12:02 PM

HIJACKTHIS LOG FILE
Logfile of HijackThis v1.99.1
Scan saved at 22:28:25, on 18/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svshost.exe
C:\WINDOWS\system32\svshost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svshost.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Helper Class - {5142FE17-20E6-4121-A925-A4C6385CDDAA} - C:\WINDOWS\system32\rem.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {D47B2620-E9FF-4939-AEE6-E43A3DA2418A} - (no file)
O2 - BHO: (no name) - {EC3C9242-9DD2-4933-AAB9-48DFA5C20752} - C:\WINDOWS\System32\awvtu.dll (file missing)
O2 - BHO: (no name) - {F901B4B7-0FD8-45A0-98A4-0B146DDCD207} - C:\WINDOWS\System32\jkfrswas.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [,realset] $$
O4 - HKLM\..\Run: [SConfig] $$
O4 - HKLM\..\Run: [indowsUpdate] $$
O4 - HKLM\..\Run: [realset] $$
O4 - HKLM\..\Run: [AVG Anti-Spyware] $$
O4 - HKLM\..\Run: [UserFaultCheck] $$
O4 - HKLM\..\Run: [$$] $$
O4 - HKLM\..\Run: [WindowsUpdate] $$
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C428BC27-897C-400A-ACA1-9BD28992785B}: NameServer = 172.16.2.1
O20 - Winlogon Notify: awvtu - C:\WINDOWS\System32\awvtu.dll (file missing)
O20 - Winlogon Notify: efcdcby - efcdcby.dll (file missing)
O20 - Winlogon Notify: efcyabx - efcyabx.dll (file missing)
O20 - Winlogon Notify: fcccbyw - fcccbyw.dll (file missing)
O20 - Winlogon Notify: jkkji - C:\WINDOWS\
O20 - Winlogon Notify: jkkklih - jkkklih.dll (file missing)
O20 - Winlogon Notify: mljihef - mljihef.dll (file missing)
O20 - Winlogon Notify: qommmnk - qommmnk.dll (file missing)
O20 - Winlogon Notify: vturq - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 Search Server - Unknown owner - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe" -cfg "C:\CFusionMX7\verity\k2\common\verity.cfg" -ntstart 1 (file missing)
O23 - Service: Remote Storage Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: Shell Code Services - Unknown owner - C:\WINDOWS\system32\svshost.exe
O23 - Service: Windows Monitor Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe

VundoFix.txt

VundoFix V6.3.23

Checking Java version...

Java version is 1.5.0.11

Scan started at 22:15:53 18/05/2007

Listing files found while scanning....

C:\WINDOWS\System32\awvtu.dll
C:\WINDOWS\System32\utvwa.bak1
C:\WINDOWS\System32\utvwa.bak2
C:\WINDOWS\System32\utvwa.ini
C:\WINDOWS\System32\utvwa.ini2
C:\WINDOWS\System32\utvwa.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\System32\utvwa.bak1
C:\WINDOWS\System32\utvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\utvwa.bak2
C:\WINDOWS\System32\utvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\utvwa.ini
C:\WINDOWS\System32\utvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\utvwa.ini2
C:\WINDOWS\System32\utvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\utvwa.tmp
C:\WINDOWS\System32\utvwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!

I am still getting the signs from when my PC was first hit by the virus. These are:
A cmd prompt pops up and opens various copies of itself.
An error window opens saying Error specified module cannot be opened.

Edited by bizzysurfer007, 18 May 2007 - 12:20 PM.


#10 rookie147

Posted 18 May 2007 - 02:05 PM

Just a quick note from me before you decide if you want to continue. You have a really badly infected computer; it is likely that it will take quite a long time to clean up all of this mess. From your ComboFix log it looks like you have only recently installed your operating system, so perhaps formatting your computer would be an option for you? This is the only way we can guarantee that everything will be removed; there are only a certain number of files that scanners will find.
The choice is up to you, of course. Let me know what you think you'd prefer to do in your next post: clean it, or format.
Thanks,
Charles



#11 bizzysurfer007

Posted 18 May 2007 - 06:32 PM

Can I format the C drive only, because other partitions carry my valuable data? And what is the right process to format and install Windows again?

Edited by bizzysurfer007, 18 May 2007 - 07:06 PM.


#12 rookie147


Posted 19 May 2007 - 02:04 PM

Yes you can.
Here is some good reading involving formatting your computer:
http://www.cyberwalker.com/faqs/reinstall-...inxp/index.html
http://www.techspot.com/vb/topic53502.html



#13 bizzysurfer007


Posted 19 May 2007 - 07:59 PM

I formatted my C drive only and reinstalled Windows, and what's this, the virus is still there. What did I do wrong?
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 06:25:16, on 20/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\WINDOWS\system32\svshost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000218.exe 61A847B5BBF72810329B385473F101F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\ptujrvih.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{A79BD8E5-E1E7-4039-93D3-D9E146D06B06}: NameServer = 172.16.2.1,0.0.0.0
O23 - Service: DNS Support Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe

Thanks for your continued support, Charles.

Edited by bizzysurfer007, 19 May 2007 - 10:13 PM.


#14 rookie147


Posted 20 May 2007 - 08:06 AM

Hello again,
Please print off a copy of these instructions, and also save them to a Notepad file on your desktop, so they are easily accessible.
We are going to boot into Safe Mode later in the fix, and there is no internet access.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000218.exe 61A847B5BBF72810329B385473F101F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\ptujrvih.dll",realset
O23 - Service: DNS Support Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Please reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Make sure you choose the option without Networking Support.

Set your system to show all files.
Navigate to Start | My Computer | Tools | Folder Options.
Select the View tab. Under the "Hidden Files and Folders" heading, select "Show hidden files and folders".
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Next, please find and delete the following files/folders (if present):

C:\WINDOWS\retadpu2000218.exe
C:\WINDOWS\System32\ptujrvih.dll
C:\WINDOWS\system32\svshost.exe <--Note the spelling of the filename, make sure you delete the right one

Copy and paste the following text into Notepad:
sc stop "DNS Support Manager"
sc delete "DNS Support Manager"
Save this as "services.bat". Choose to save as *all files and place it on your Desktop.
Double-click services.bat.

Reboot into Normal Mode again.

Scan again with HijackThis and post back a new log.
Thanks,
Charles

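Added example, not part of any post in this thread: a small Python triage of the O4 (autostart) and O23 (service) lines from the HijackThis logs in posts #13 and #15, flagging the kind of entries selected above, including the svshost.exe look-alike of svchost.exe. The three heuristics, SYSTEM_NAMES and the function names are assumptions made for illustration; HijackThis itself only lists entries and does not score them.

```python
import ntpath
import re

# Legitimate XP binaries, names taken from the "Running processes" lists on this page.
SYSTEM_NAMES = ["svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "smss.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe"]
PATH_RE = re.compile(r'[A-Za-z]:\\[^",=]+?\.(?:exe|dll)', re.IGNORECASE)

# Lines copied from the logs in post #13 (infected) and post #15 (after the fix).
POST_13 = r'''
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000218.exe 61A847B5BBF72810329B385473F101F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\System32\ptujrvih.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: DNS Support Manager - Unknown owner - C:\WINDOWS\system32\svshost.exe
'''
POST_15 = r'''
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
'''

def edit_distance(a, b):
    prev = list(range(len(b) + 1))  # Levenshtein distance, one row at a time
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log_text):
    """Return [(path, [reasons])] for O4 (autostart) and O23 (service) lines."""
    findings = []
    for line in log_text.splitlines():
        match = PATH_RE.search(line)
        if not line.startswith(("O4 - ", "O23 - ")) or not match:
            continue
        path = match.group(0)
        name = ntpath.basename(path).lower()
        reasons = []
        twins = [s for s in SYSTEM_NAMES if edit_distance(name, s) == 1]
        if twins:  # distance 0 (the real name) is never flagged
            reasons.append("name is one character away from " + twins[0])
        if ntpath.dirname(path).lower() == r"c:\windows":
            reasons.append("autostart binary directly in C:\\WINDOWS")
        if "rundll32.exe" in line.lower() and name.endswith(".dll"):
            reasons.append("DLL started through rundll32")
        if reasons:
            findings.append((path, reasons))
    return findings
```

Running `triage(POST_13)` returns the three entries checked in HijackThis above, and `triage(POST_15)` returns an empty list.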


#15 bizzysurfer007


Posted 20 May 2007 - 12:27 PM

Logfile of HijackThis v1.99.1
Scan saved at 22:50:35, on 20/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Easy\TV Capture\RemoteCtl.exe
C:\Program Files\GetRight\getright.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: TV Capture Remote Control.lnk = C:\Program Files\Easy\TV Capture\RemoteCtl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1179627575171
O17 - HKLM\System\CCS\Services\Tcpip\..\{A79BD8E5-E1E7-4039-93D3-D9E146D06B06}: NameServer = 172.16.2.1,0.0.0.0



