Add remove programs not working

[pradykris]

Hi,
I had accidently run the security program which comes with windows[security center] which showed a lot of malware in the system and also i tried removing it.

I restarted the system after which, the shortcuts and .exe files dont work on double click, it ask for which program needs to be used to run.

Also the option under control panel also dont work. I get a alert d:/windows/system32/rundll32.exe Application not found

----------HiackakThis log file--------------------

Logfile of Trend Micro HijacakThis v2.0.2
Scan saved at 1:12:38 AM, on 1/1/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13933&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13933&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=13933&gct=&gc=1&q=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [syncman] d:\windows\system32\wuaucldt.exe
O4 - HKLM\..\Run: [Regedit32] D:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] "D:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [syncman] d:\documents and settings\administrator\wuaucldt.exe
O4 - HKUS\S-1-5-21-2025429265-1390067357-682003330-500\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2025429265-1390067357-682003330-500\..\Run: [Free Download Manager] "D:\Program Files\Free Download Manager\fdm.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-2025429265-1390067357-682003330-500\..\Run: [Google Update] "D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-2025429265-1390067357-682003330-500\..\Run: [syncman] d:\documents and settings\administrator\wuaucldt.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] D:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - S-1-5-21-2025429265-1390067357-682003330-500 Startup: syspck32.exe (User '?')
O4 - Startup: syspck32.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://D:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=27986
O17 - HKLM\System\CCS\Services\Tcpip\..\{C31A72B4-6E39-4210-B59F-4D3C6EE26848}: NameServer = 202.138.103.100 202.138.96.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Unknown owner - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: UDisk Monitor - Unknown owner - D:\Program Files\ZTE High Speed Data MODEM\bin\MonServiceUDisk.exe

--
End of file - 6589 bytes

Thanks

 

[Blade81]

Hi,

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says Error deleting file, please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

--

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop. Post them back to your topic.

--

Download GMER here by clicking download exe -button and then saving it your desktop:

• Double-click .exe that you downloaded
• Click rootkit-tab and then scan.
• Don't check
  Show All
  box while scanning in progress!
• When scanning is ready, click Copy.
• This copies log to clipboard
• Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

 

[pradykris]

Hi,

When i tried to download exehelper. Avast gave an alert

3/26/2010 1:34:07 PM SYSTEM 1844 Sign of "Win32:Malware-gen" has been found in "http://www.raktor.net/exeHelper/exeHelper.com" file.

Kindly let me know if its safe to download it from there

Thanks
Prady

 

[Blade81]

Hi Prady,

Yes, it's safe. Disable your antivirus protection before running tools listed. Otherwise those may be flagged malicious like it happened with exehelper there.

 

[pradykris]

Hi,

I tried running exehelper.com.
But i get a popup
windows cannot access specified device or file. You might not have permissions to access the item.

Do you want me to run the other 2 ?
Thanks
Prady

 

[Blade81]

Yes, please try to run those other two.

 

[pradykris]

As requested before here are the logs of ddr.scr and gmer. Attatch.txt and gmer.txt are attatched to this post. Could not zip the files as winzip doesnt seem to work


DDS (Ver_10-03-17.01) - FAT32x86
Run by Administrator at 15:20:06.18 on Mon 01/07/2002
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.254.75 [GMT 5.5:30]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

D:\Program Files\AVG\AVG8\avgrsx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
SVCHOST.EXE
SVCHOST.EXE
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\ZTE High Speed Data MODEM\bin\MonServiceUDisk.exe
D:\PROGRA~1\AVG\AVG8\avgam.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\ZTE High Speed Data MODEM\bin\PcmciaApp.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13933&gct=&gc=1&q=
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13933&gct=&gc=1&q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - d:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - d:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - d:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - d:\program files\askbardis\bar\bin\askBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [Free Download Manager] "d:\program files\free download manager\fdm.exe" -autorun
uRun: [Google Update] "d:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [syncman] d:\documents and settings\administrator\wuaucldt.exe
mRun: [RemoteControl] "d:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "d:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [TkBellExe] "d:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] d:\program files\winamp\winampa.exe
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [googletalk] d:\program files\google\google talk\googletalk.exe /autostart
mRun: [AVG8_TRAY] d:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [syncman] d:\windows\system32\wuaucldt.exe
mRun: [Regedit32] d:\windows\system32\regedit.exe
dRun: [ALUAlert] d:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: d:\documents and settings\administrator\start menu\programs\startup\syspck32.exe
IE: Download all with Free Download Manager - file://d:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://d:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://d:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://d:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=27986
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
TCP: {C31A72B4-6E39-4210-B59F-4D3C6EE26848} = 202.138.103.100 202.138.96.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - d:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: avgrsstx.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\hojizy44.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-USfficial
FF - component: d:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: d:\documents and settings\administrator\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: d:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: d:\program files\real\realone player\netscape6\nprpjplug.dll

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [2009-4-5 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2009-4-5 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;d:\windows\system32\drivers\avgmfx86.sys [2009-4-5 26824]
R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2009-4-5 90632]
R2 avg8emc;AVG8 E-mail Scanner;d:\progra~1\avg\avg8\avgemc.exe [2009-6-11 874776]
R2 avg8wd;AVG8 WatchDog;d:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-11 231704]
R2 UDisk Monitor;UDisk Monitor;d:\program files\zte high speed data modem\bin\MonServiceUDisk.exe [2002-1-1 262144]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;d:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2002-1-1 104576]
S1 ethzoewk;ethzoewk;d:\windows\system32\drivers\ethzoewk.sys --> d:\windows\system32\drivers\ethzoewk.sys [?]
S2 SAVRTPEL;SAVRTPEL;\??\d:\windows\system32\drivers\savrtpel.sys --> d:\windows\system32\drivers\SAVRTPEL.SYS [?]
S3 NAVENG;NAVENG;d:\progra~1\common~1\symant~1\virusd~1\20020814.005\NAVENG.SYS [2009-4-5 66816]
S3 NAVEX15;NAVEX15;d:\progra~1\common~1\symant~1\virusd~1\20020814.005\NAVEX15.SYS [2009-4-5 590944]
S3 SAVRT;SAVRT;\??\d:\windows\system32\drivers\savrt.sys --> d:\windows\system32\drivers\SAVRT.SYS [?]
S4 ASKUpgrade;ASKUpgrade;d:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-4-6 234888]

============== File Associations ===============

.exe=secfile

=============== Created Last 30 ================

2010-01-10 08:32:28 0 d-sh--w- D:\FOUND.130
2010-01-09 15:34:59 4034560 ----a-w- d:\documents and settings\administrator\ntuser.tmp
2010-01-09 13:04:50 0 d-sh--w- D:\FOUND.129
2009-06-13 02:49:02 0 d-sh--w- D:\FOUND.126
2009-06-12 04:53:44 0 d-sh--w- D:\FOUND.125
2009-06-10 16:40:22 0 d-sh--w- D:\FOUND.124
2009-06-10 02:05:04 0 d-----w- d:\program files\Norton Security Scan
2009-05-02 11:26:14 0 d-sh--w- D:\FOUND.123
2009-05-02 11:19:14 0 d-sh--w- D:\FOUND.122
2009-05-02 09:55:53 0 d-----w- d:\program files\AutoCAD 2007
2009-04-14 09:48:56 0 d-sh--w- D:\FOUND.121
2009-04-14 09:09:24 0 d-----w- d:\program files\Trend Micro
2009-04-10 17:56:22 0 d-sh--w- D:\FOUND.120
2009-04-10 12:06:10 0 d-sh--w- D:\FOUND.119
2009-04-10 08:10:22 0 d-sh--w- D:\FOUND.118
2009-04-10 06:15:18 0 d-sh--w- D:\FOUND.117
2009-04-05 19:32:47 0 d-----w- d:\program files\iOrgSoft
2009-04-05 19:28:14 0 d-----w- d:\docume~1\admini~1\applic~1\GetRightToGo
2009-04-05 19:19:32 0 d-----w- d:\program files\AskBarDis
2009-04-05 19:19:14 0 d-----w- d:\windows\Ask & Record Toolbar
2009-04-05 19:19:14 0 d-----w- d:\program files\Ask & Record Toolbar
2009-04-05 19:17:28 7349664 ----a-w- d:\program files\FLV PlayerATBSetup.exe
2009-04-05 19:17:17 0 d-----w- d:\windows\Applian FLV Player
2009-04-05 17:42:00 90632 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2009-04-05 17:42:00 12936 ----a-w- d:\windows\system32\drivers\avgrkx86.sys
2009-04-05 17:42:00 10520 ----a-w- d:\windows\system32\avgrsstx.dll
2009-04-05 17:41:56 98440 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2009-04-05 17:41:53 0 d-----w- d:\windows\system32\drivers\Avg
2009-04-05 17:41:53 0 d-----w- d:\docume~1\admini~1\applic~1\AVGTOOLBAR
2009-04-05 17:27:28 14 ----a-w- d:\windows\system32\SR2.dat
2009-04-05 17:15:33 0 d-----w- d:\program files\Norton AntiVirus
2009-04-05 02:14:04 0 d-sh--w- D:\FOUND.116
2009-04-05 00:58:40 0 d-sh--w- D:\FOUND.115
2009-04-05 00:44:02 0 d-sh--w- D:\FOUND.114
2009-04-05 00:37:26 0 d-sh--w- D:\FOUND.113
2009-04-04 15:49:48 0 d-sh--w- D:\FOUND.112
2009-04-04 11:09:05 1709 ----a-w- D:\Grand Master Chess Tournament.lnk
2009-04-04 10:58:38 0 d-sh--w- D:\FOUND.111
2009-04-01 02:31:16 0 d-----w- d:\windows\Grand Master Chess Tournament
2009-04-01 02:31:16 0 d-----w- d:\program files\Grand Master Chess Tournament
2009-03-28 17:07:56 0 d-sh--w- D:\FOUND.110
2009-03-28 05:18:30 19840 ----a-w- d:\windows\system32\drivers\StMp3Rec.sys
2009-03-28 05:12:29 0 d-----w- d:\program files\Philips
2009-03-27 14:30:46 0 d-sh--w- D:\FOUND.109
2009-03-23 05:23:38 0 d-sh--w- D:\FOUND.108
2009-03-21 17:12:48 0 d-sh--w- D:\FOUND.107
2009-03-20 15:53:28 0 d-sh--w- D:\FOUND.106
2009-03-16 17:50:56 0 d-sh--w- D:\FOUND.105
2009-03-14 01:35:38 0 d--h--w- D:\$AVG8.VAULT$
2009-03-14 01:17:48 0 d-----w- d:\program files\AVG
2009-03-14 01:17:47 0 d-----w- d:\docume~1\alluse~1\applic~1\avg8
2009-03-13 23:38:28 0 d-sh--w- D:\FOUND.104
2009-03-13 23:35:30 0 d-sh--w- D:\FOUND.103
2009-03-13 23:33:44 0 d-sh--w- D:\FOUND.102
2009-03-13 08:41:58 0 d-sh--w- D:\FOUND.101
2009-03-12 18:04:42 0 d-sh--w- D:\FOUND.100
2009-03-07 14:11:42 73728 ----a-w- d:\windows\system32\javacpl.cpl
2009-03-07 14:11:42 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-03-07 14:00:17 0 d-----w- d:\docume~1\admini~1\applic~1\Free Download Manager
2009-03-07 14:00:09 0 d-----w- d:\docume~1\alluse~1\applic~1\FreeDownloadManager.ORG
2009-03-07 14:00:08 0 d-----w- d:\program files\Free Download Manager
2009-03-07 07:11:02 0 d-sh--w- D:\FOUND.099
2009-03-03 17:12:38 0 d-sh--w- D:\FOUND.098
2009-03-01 16:35:54 0 d-sh--w- D:\FOUND.097
2009-02-22 04:49:44 0 d-sh--w- D:\FOUND.096
2009-02-20 04:41:20 0 d-sh--w- D:\FOUND.095
2009-02-19 17:13:42 0 d-sh--w- D:\FOUND.094
2009-02-18 16:30:32 20640 ------w- d:\windows\system32\drivers\PxHelp20.sys
2009-02-18 16:18:12 0 d-----w- d:\program files\common files\xing shared
2009-02-18 16:09:50 0 d-sh--w- D:\FOUND.093
2009-02-16 09:10:06 0 d-sh--w- D:\FOUND.092
2009-02-14 17:33:36 0 d-sh--w- D:\FOUND.091
2009-02-14 16:05:14 0 d-sh--w- D:\FOUND.090
2009-02-13 11:56:12 0 d-sh--w- D:\FOUND.089
2009-02-13 06:10:50 0 d-sh--w- D:\FOUND.088
2009-02-12 16:29:24 0 d-sh--w- D:\FOUND.087
2009-02-12 16:19:46 0 d-sh--w- D:\FOUND.086
2009-02-12 16:15:14 0 d-sh--w- D:\FOUND.085
2009-02-11 15:54:10 0 d-sh--w- D:\FOUND.084
2009-02-10 16:42:08 0 d-sh--w- D:\FOUND.083
2009-02-10 14:25:20 0 d-sh--w- D:\FOUND.082
2009-02-05 17:40:54 0 d-sh--w- D:\FOUND.081
2009-02-05 17:04:36 0 d-sh--w- D:\FOUND.080
2009-02-05 05:30:46 0 d-sh--w- D:\FOUND.079
2009-02-04 16:22:12 0 d-sh--w- D:\FOUND.078
2009-01-31 15:57:12 0 d-sh--w- D:\FOUND.077
2009-01-29 06:15:26 0 d-sh--w- D:\FOUND.076
2009-01-29 06:07:47 0 d-----w- d:\documents and settings\administrator\DoctorWeb
2009-01-28 16:30:30 0 d-sh--w- D:\FOUND.075
2009-01-23 04:37:48 0 d-----w- d:\docume~1\admini~1\applic~1\Symantec
2009-01-23 04:37:29 0 d-----w- d:\program files\common files\Symantec Shared
2009-01-23 04:37:03 0 d-----w- d:\docume~1\alluse~1\applic~1\Symantec
2009-01-23 04:32:16 0 d-sh--w- D:\FOUND.074
2009-01-18 18:18:48 0 d-sh--w- D:\FOUND.073
2009-01-17 07:10:28 0 d-sh--w- D:\FOUND.072
2009-01-17 06:24:50 0 d-sh--w- D:\FOUND.071
2009-01-17 05:49:08 0 d-sh--w- D:\FOUND.070
2009-01-17 05:33:12 0 d-sh--w- D:\FOUND.069
2009-01-15 09:24:54 0 d-sh--w- D:\FOUND.068
2009-01-14 18:21:46 2764 ----a-w- d:\windows\system32\$$$mclip.cfg
2009-01-14 17:30:20 0 d-sh--w- D:\FOUND.067
2009-01-12 17:42:34 0 d-sh--w- D:\FOUND.066
2009-01-12 17:30:28 0 d-sh--w- D:\FOUND.065
2009-01-10 17:38:54 0 d-sh--w- D:\FOUND.064
2009-01-10 16:41:24 0 d-sh--w- D:\FOUND.063
2009-01-08 19:36:18 0 d-sh--w- D:\FOUND.062
2009-01-08 16:56:06 0 d-sh--w- D:\FOUND.061
2009-01-08 14:21:04 0 d-sh--w- D:\FOUND.060
2009-01-06 19:05:14 0 d-sh--w- D:\FOUND.059
2009-01-06 14:23:38 90112 ----a-w- d:\windows\DUMP3289.tmp
2009-01-06 14:23:38 90112 ----a-w- d:\windows\DUMP2de6.tmp
2009-01-06 10:27:30 0 d-sh--w- D:\FOUND.058
2009-01-05 10:48:52 90112 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2009-01-05 10:48:52 57344 ----a-w- d:\windows\system32\QuickTime.qts
2009-01-03 16:18:16 0 d-sh--w- D:\FOUND.057
2009-01-03 12:00:42 0 d-sh--w- D:\FOUND.056
2009-01-03 07:30:56 0 d-sh--w- D:\FOUND.055
2009-01-03 07:27:56 0 d-sh--w- D:\FOUND.054
2009-01-02 18:38:22 0 d-sh--w- D:\FOUND.053
2008-12-28 09:46:20 0 d-sh--w- D:\FOUND.052
2008-12-26 17:29:54 0 d-sh--w- D:\FOUND.051
2008-12-26 17:28:36 0 d-sh--w- D:\FOUND.050
2008-12-26 17:27:08 0 d-sh--w- D:\FOUND.049
2008-12-26 17:24:48 0 d-sh--w- D:\FOUND.048
2008-12-26 17:22:42 0 d-sh--w- D:\FOUND.047
2008-12-26 17:11:54 0 d-sh--w- D:\FOUND.046
2008-12-26 16:55:22 0 d-sh--w- D:\FOUND.045
2008-12-25 17:29:54 0 d-sh--w- D:\FOUND.044
2008-12-25 16:46:52 0 d-sh--w- D:\FOUND.043
2008-12-25 06:37:14 0 d-sh--w- D:\FOUND.042
2008-12-25 06:35:00 0 d-sh--w- D:\FOUND.041
2008-12-25 06:19:24 0 d-sh--w- D:\FOUND.040
2008-12-24 18:35:04 0 d-sh--w- D:\FOUND.039
2008-12-24 18:24:06 0 d-sh--w- D:\FOUND.038
2008-12-23 18:26:02 0 d-sh--w- D:\FOUND.037
2008-12-23 17:22:58 0 d-sh--w- D:\FOUND.036
2008-12-21 14:05:06 0 d-sh--w- D:\FOUND.035
2008-12-16 19:18:46 0 d-sh--w- D:\FOUND.034
2008-12-16 16:59:56 0 d-sh--w- D:\FOUND.033
2008-12-14 05:47:14 0 d-sh--w- D:\FOUND.032
2008-12-12 17:16:58 0 d-sh--w- D:\FOUND.031
2008-12-12 07:36:42 0 d-sh--w- D:\FOUND.030
2008-12-11 17:36:22 0 d-sh--w- D:\FOUND.029
2008-12-09 17:10:32 69 ----a-w- d:\windows\NeroDigital.ini
2008-12-08 18:01:50 0 d-sh--w- D:\FOUND.028
2008-12-08 09:36:52 0 d-sh--w- D:\FOUND.027
2008-12-06 14:35:28 0 d-sh--w- D:\FOUND.026
2008-12-05 05:22:24 0 d-sh--w- D:\FOUND.025
2008-12-04 09:29:42 0 d-sh--w- D:\FOUND.024
2008-12-04 08:56:50 0 d-sh--w- D:\FOUND.023
2008-12-04 07:08:52 0 d-sh--w- D:\FOUND.022
2008-12-04 06:23:28 0 d-sh--w- D:\FOUND.021
2008-12-04 05:35:12 0 d-sh--w- D:\FOUND.020
2008-12-03 17:16:58 0 d-sh--w- D:\FOUND.019
2008-12-02 18:36:34 0 d-sh--w- D:\FOUND.018
2008-12-02 17:34:32 0 d-sh--w- D:\FOUND.017
2008-12-02 06:14:42 0 d-sh--w- D:\FOUND.016
2008-12-01 17:03:52 0 d-sh--w- D:\FOUND.015
2008-11-30 17:36:10 0 d-sh--w- D:\FOUND.014
2008-11-27 09:11:48 0 d-sh--w- D:\FOUND.013
2008-11-27 08:58:24 0 d-sh--w- D:\FOUND.012
2008-11-27 08:26:18 0 d-sh--w- D:\FOUND.011
2008-11-27 08:21:36 0 d-sh--w- D:\FOUND.010
2008-11-27 07:53:22 0 d-sh--w- D:\FOUND.009
2008-11-27 07:49:32 0 d-sh--w- D:\FOUND.008
2008-11-26 18:05:34 0 d-sh--w- D:\FOUND.007
2008-11-26 17:52:58 0 d-sh--w- D:\FOUND.006
2008-11-26 17:10:52 0 d-sh--w- D:\FOUND.005
2008-11-26 09:29:30 0 d-sh--w- D:\FOUND.004
2008-11-24 08:28:30 0 d-sh--w- D:\FOUND.003
2008-11-22 15:46:04 0 d-sh--w- D:\FOUND.002
2008-11-13 16:33:38 0 d-sh--w- D:\FOUND.001
2008-11-12 17:25:30 0 d-sh--w- D:\FOUND.000
2008-11-11 10:51:11 0 ----a-w- d:\windows\PROTOCOL.INI
2008-11-11 10:50:57 0 d-----w- d:\program files\TypingMaster
2008-11-10 18:42:52 227 ----a-w- d:\windows\RtlRack.ini
2008-11-10 10:48:56 284876 ----a-w- d:\windows\system32\setup.inx
2008-11-10 10:46:54 0 d-----w- d:\program files\Kaspersky Lab
2008-11-10 10:45:07 0 d-----w- d:\windows\Downloaded Installations
2008-11-10 10:43:54 299520 ----a-w- d:\windows\uninst.exe
2008-11-10 10:43:46 0 d-----w- d:\documents and settings\administrator\WINDOWS
2008-11-10 10:13:06 86 ----a-w- d:\windows\cdplayer.ini
2008-11-10 09:48:47 0 d-----w- d:\program files\common files\Real
2008-11-10 09:47:03 44875 ----a-w- d:\windows\system32\IPrtCnst.dll
2008-11-10 09:47:03 13891 ----a-w- d:\windows\system32\drivers\IdeBusDr.sys
2008-11-10 09:47:03 101431 ----a-w- d:\windows\system32\drivers\IdeChnDr.sys
2008-11-10 09:23:43 0 ----a-w- d:\windows\lgfwup.ini
2008-11-10 09:23:40 59904 ----a-w- d:\windows\system32\wbemdisp.tlb
2008-11-10 09:23:40 115016 ----a-w- d:\windows\system32\MSINET.OCX
2008-11-10 09:23:40 102912 ----a-w- d:\windows\system32\Vb6stkit.dll
2008-11-10 09:23:40 102160 ----a-w- d:\windows\system32\VB6KO.DLL
2008-11-10 09:19:34 27168 ------w- d:\windows\system32\msxml3a.dll
2008-11-10 09:19:06 502816 ------w- d:\windows\system32\msvcp71.dll
2008-11-10 09:19:06 351264 ------w- d:\windows\system32\msvcr71.dll
2008-11-10 09:16:57 0 d-----w- d:\windows\Profiles
2008-11-10 09:16:56 0 d-----w- d:\windows\system32\Adobe
2008-11-10 09:16:50 306688 ----a-w- d:\windows\IsUninst.exe
2008-11-10 09:14:06 0 d-sh--w- D:\Recycled
2008-11-10 09:09:36 0 d-----w- d:\program files\Nero
2008-11-10 09:08:53 0 d-----w- d:\windows\RegisteredPackages
2008-11-10 08:24:28 0 d-s---w- d:\documents and settings\administrator\UserData
2008-11-10 08:23:42 0 d-----w- d:\windows\system32\appmgmt
2008-11-10 08:06:27 376 ----a-w- d:\windows\ODBC.INI
2008-11-10 08:06:23 17920 ----a-w- d:\windows\system32\mdimon.dll
2008-11-10 08:05:35 0 d-----w- d:\program files\Microsoft ActiveSync
2008-11-10 08:05:10 0 d-----w- d:\windows\SHELLNEW
2008-11-10 07:45:42 0 d-----w- d:\program files\CONEXANT
2008-11-10 07:42:02 0 d-----w- d:\docume~1\admini~1\applic~1\Autodesk
2008-11-10 07:42:01 0 d-----w- d:\program files\AutoCAD 2004
2008-11-10 07:34:41 0 d-----w- d:\program files\Realtek Sound Manager
2008-11-10 07:34:39 0 d-----w- d:\program files\AvRack
2008-11-10 07:24:09 0 d-sh--w- d:\documents and settings\all users\DRM
2008-11-10 07:23:48 0 d--h--w- d:\program files\WindowsUpdate
2008-11-10 07:23:07 0 d-----w- d:\program files\common files\MSSoap
2008-11-10 07:21:48 0 d-----w- d:\program files\Online Services
2008-11-10 07:21:41 0 d-----w- d:\program files\Messenger
2008-11-10 07:21:39 0 d-----w- d:\program files\MSN Gaming Zone
2008-11-10 07:21:11 0 d-----w- d:\program files\Windows NT
2008-11-10 07:16:45 0 d-----w- d:\program files\common files\ODBC
2008-11-10 07:16:43 0 d-----w- d:\program files\common files\SpeechEngines
2008-11-10 07:16:22 0 d-----r- d:\documents and settings\all users\Documents
2001-12-31 20:12:47 4 ----a-w- d:\docume~1\admini~1\applic~1\avdrn.dat
2001-12-31 18:35:46 0 d-----w- d:\docume~1\admini~1\applic~1\ZTE_CDMA_1X
2001-12-31 18:34:19 0 d-----w- d:\program files\ZTE High Speed Data MODEM

==================== Find3M ====================

2008-12-31 06:11:00 104576 ----a-w- d:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys
2008-11-10 07:22:12 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2007-12-18 03:17:38 86016 ----a-r- d:\windows\system32\mdmxsdk.dll
2007-12-18 03:17:38 718464 ----a-r- d:\windows\system32\drivers\HSF_CNXT.sys
2007-12-18 03:17:38 244480 ----a-r- d:\windows\system32\drivers\HSFHWBS2.sys
2007-12-18 03:17:38 133528 ----a-r- d:\windows\system32\drivers\HSFProf.cty
2007-12-18 03:17:38 13059 ----a-r- d:\windows\system32\drivers\mdmxsdk.sys
2007-12-18 03:17:38 110592 ----a-r- d:\windows\system32\uci32100.dll
2007-12-18 03:17:38 1035008 ----a-r- d:\windows\system32\drivers\HSF_DPV.sys
2005-09-23 01:58:56 32768 ----a-w- d:\windows\system32\netfxperf.dll
2005-09-23 01:58:52 74240 ----a-w- d:\windows\system32\mscories.dll
2005-09-23 01:58:52 270848 ----a-w- d:\windows\system32\mscoree.dll
2005-09-23 01:58:52 150016 ----a-w- d:\windows\system32\mscorier.dll
2005-09-23 01:58:38 83456 ----a-w- d:\windows\system32\dfshim.dll
2005-05-04 09:15:36 884736 ----a-w- d:\windows\system32\msimsg.dll
2005-05-04 09:15:36 884736 ----a-w- d:\windows\system32\dllcache\msimsg.dll
2005-05-04 09:15:36 78848 ----a-w- d:\windows\system32\msiexec.exe
2005-05-04 09:15:36 78848 ----a-w- d:\windows\system32\dllcache\msiexec.exe
2005-05-04 09:15:36 271360 ----a-w- d:\windows\system32\msihnd.dll
2005-05-04 09:15:36 271360 ----a-w- d:\windows\system32\dllcache\msihnd.dll
2005-05-04 09:15:36 15360 ----a-w- d:\windows\system32\msisip.dll
2005-05-04 09:15:36 15360 ----a-w- d:\windows\system32\dllcache\msisip.dll
2005-05-04 09:15:32 2890240 ----a-w- d:\windows\system32\msi.dll
2005-05-04 09:15:32 2890240 ----a-w- d:\windows\system32\dllcache\msi.dll
2004-08-03 23:01:10 87176 ----a-w- d:\windows\system32\rdpwsx.dll
2004-08-03 23:01:10 87176 ----a-w- d:\windows\system32\dllcache\rdpwsx.dll
2004-08-03 23:01:10 139400 ----a-w- d:\windows\system32\drivers\rdpwd.sys
2004-08-03 23:01:10 139400 ----a-w- d:\windows\system32\dllcache\rdpwd.sys
2004-08-03 23:01:08 21896 ----a-w- d:\windows\system32\drivers\tdtcp.sys
2004-08-03 23:01:08 21896 ----a-w- d:\windows\system32\dllcache\tdtcp.sys
2004-08-03 23:01:08 12040 ----a-w- d:\windows\system32\drivers\tdpipe.sys
2004-08-03 23:01:08 12040 ----a-w- d:\windows\system32\dllcache\tdpipe.sys
2004-08-03 22:57:02 226816 ----a-w- d:\windows\system32\dllcache\npdrmv2.dll
2004-08-03 21:17:42 1835904 ----a-w- d:\windows\system32\dllcache\win32k.sys
2004-08-03 21:06:26 73472 ----a-w- d:\windows\system32\drivers\sr.sys
2004-08-03 21:06:26 73472 ----a-w- d:\windows\system32\dllcache\sr.sys
2004-08-03 21:04:38 106496 ----a-w- d:\windows\system32\dllcache\imekrcic.dll
2004-08-03 21:04:34 86016 ----a-w- d:\windows\system32\dllcache\imekrmbx.dll
2004-08-03 21:04:12 76288 ----a-w- d:\windows\system32\dllcache\uniime.dll
2004-08-03 21:01:20 124800 ----a-w- d:\windows\system32\drivers\fltMgr.sys
2004-08-03 21:01:20 124800 ----a-w- d:\windows\system32\dllcache\fltmgr.sys
2004-08-03 21:00:52 20736 ----a-w- d:\windows\system32\dllcache\ramdisk.sys
2004-08-03 20:59:44 655360 ----a-w- d:\windows\system32\mstscax.dll
2004-08-03 20:59:44 655360 ----a-w- d:\windows\system32\dllcache\mstscax.dll
2004-08-03 20:59:42 407552 ----a-w- d:\windows\system32\mstsc.exe
2004-08-03 20:59:42 407552 ----a-w- d:\windows\system32\dllcache\mstsc.exe
2004-08-03 20:59:28 44544 ----a-w- d:\windows\system32\tscupgrd.exe
2004-08-03 20:59:28 44544 ----a-w- d:\windows\system32\dllcache\tscupgrd.exe
2004-08-03 20:32:36 86073 ----a-w- d:\windows\system32\dllcache\voicesub.dll
2004-08-03 20:32:36 426041 ----a-w- d:\windows\system32\dllcache\voicepad.dll
2004-08-03 20:32:28 102456 ----a-w- d:\windows\system32\dllcache\imlang.dll
2004-08-03 20:32:16 455168 ----a-w- d:\windows\system32\dllcache\tintsetp.exe
2004-08-03 20:32:16 44032 ----a-w- d:\windows\system32\dllcache\tintlphr.exe
2004-08-03 20:32:16 274489 ----a-w- d:\windows\system32\dllcache\imjputyc.dll
2004-08-03 20:32:16 262200 ----a-w- d:\windows\system32\dllcache\imjputy.exe
2004-08-03 20:32:14 10240 ----a-w- d:\windows\system32\dllcache\tmigrate.dll
2004-08-03 20:32:12 233527 ----a-w- d:\windows\system32\dllcache\imjprw.exe
2004-08-03 20:32:12 15872 ----a-w- d:\windows\system32\dllcache\padrs404.dll
2004-08-03 20:32:00 208952 ----a-w- d:\windows\system32\dllcache\imjpmig.exe
2004-08-03 20:10:58 126976 ----a-w- d:\windows\system32\dllcache\netfxocm.dll
2004-08-03 19:31:08 40840 ----a-w- d:\windows\system32\drivers\termdd.sys
2004-08-03 19:26:58 23552 ----a-w- d:\windows\system32\wdmaud.drv
2004-08-03 19:26:58 23552 ----a-w- d:\windows\system32\dllcache\wdmaud.drv
2004-08-03 19:26:48 74240 ----a-w- d:\windows\system32\usbui.dll
2004-08-03 19:26:48 74240 ----a-w- d:\windows\system32\dllcache\usbui.dll
2004-08-03 19:26:46 74752 ----a-w- d:\windows\system32\storprop.dll
2004-08-03 19:26:46 159232 ----a-w- d:\windows\system32\ptpusd.dll
2004-08-03 19:26:44 4096 ----a-w- d:\windows\system32\ksuser.dll
2004-08-03 19:26:44 4096 ----a-w- d:\windows\system32\dllcache\ksuser.dll
2004-08-03 18:33:44 1042903 ----a-r- d:\windows\SET3.tmp
2004-08-03 18:28:46 13753 ----a-r- d:\windows\SET8.tmp
2004-08-03 18:27:10 1086058 ----a-r- d:\windows\SET4.tmp
2004-08-03 17:45:56 60800 ----a-w- d:\windows\system32\drivers\sysaudio.sys
2004-08-03 17:45:56 60800 ----a-w- d:\windows\system32\dllcache\sysaudio.sys
2004-08-03 17:45:50 145792 ----a-w- d:\windows\system32\drivers\portcls.sys
2004-08-03 17:45:50 145792 ----a-w- d:\windows\system32\dllcache\portcls.sys
2004-08-03 17:45:22 140928 ----a-w- d:\windows\system32\drivers\ks.sys
2004-08-03 17:45:22 140928 ----a-w- d:\windows\system32\dllcache\ks.sys
2004-08-03 17:45:06 82944 ----a-w- d:\windows\system32\drivers\wdmaud.sys
2004-08-03 17:45:06 82944 ----a-w- d:\windows\system32\dllcache\wdmaud.sys
2004-08-03 17:38:48 31616 ----a-w- d:\windows\system32\drivers\usbccgp.sys
2004-08-03 17:38:48 26496 ----a-w- d:\windows\system32\dllcache\usbstor.sys
2004-08-03 17:38:44 57600 ----a-w- d:\windows\system32\drivers\usbhub.sys
2004-08-03 17:38:44 57600 ----a-w- d:\windows\system32\dllcache\usbhub.sys
2004-08-03 17:38:44 142976 ----a-w- d:\windows\system32\drivers\usbport.sys
2004-08-03 17:38:44 142976 ----a-w- d:\windows\system32\dllcache\usbport.sys
2004-08-03 17:38:38 20480 ----a-w- d:\windows\system32\drivers\usbuhci.sys
2004-08-03 17:38:38 20480 ----a-w- d:\windows\system32\dllcache\usbuhci.sys
2004-08-03 17:38:04 48640 ----a-w- d:\windows\system32\drivers\stream.sys
2004-08-03 17:38:04 48640 ----a-w- d:\windows\system32\dllcache\stream.sys
2004-08-03 17:38:00 60288 ----a-w- d:\windows\system32\drivers\drmk.sys
2004-08-03 17:38:00 60288 ----a-w- d:\windows\system32\dllcache\drmk.sys
2004-08-03 17:37:58 2944 ----a-w- d:\windows\system32\drivers\drmkaud.sys
2004-08-03 17:37:58 2944 ----a-w- d:\windows\system32\dllcache\drmkaud.sys
2004-08-03 17:37:50 171776 ----a-w- d:\windows\system32\drivers\kmixer.sys
2004-08-03 17:37:50 171776 ----a-w- d:\windows\system32\dllcache\kmixer.sys
2004-08-03 17:37:48 68224 ----a-w- d:\windows\system32\drivers\pci.sys
2004-08-03 17:37:48 68224 ----a-w- d:\windows\system32\dllcache\pci.sys
2004-08-03 17:37:48 6400 ----a-w- d:\windows\system32\drivers\splitter.sys
2004-08-03 17:37:48 6400 ----a-w- d:\windows\system32\dllcache\splitter.sys

============= FINISH: 15:20:53.03 ===============

 

[Blade81]

Thanks for the logs. Let's continue.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
   Remember to re-enable them afterwards.
   
   
2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

D:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

 

[pradykris]

Thank you, i am unable to disable the antivirus. None of the exe's dont seem to work. I tried uninstalling too... But this just didnt work out.. I will run combo fix with out disabling antivirus. Not really sure if anti virus is actually working at all.

 

[Blade81]

Ok. Shall wait for your reply.

 

[pradykris]

Finally was able to disable the anti virus and run combo fix
Here are the logs attached.

Thanks

 

[Blade81]

Hi,

Upload these files to http://www.virustotal.com (re-analyze files if Virustotal shows a message those have been analyzed already) and post back the results:
d:\windows\regedit.exe
d:\windows\system32\msgsvc.dll

Run a disk check for D: drive by following instructions here.

 

[pradykris]

Thanks, the system is much better now.
I did reanalyze the files and the log is attatched.

I am unable to run a disk check as when i give a rightclick -> properties on My computer i get a alert saying
"Run a Dll as app has encountered a problem and needs to close . We are sorry for inconvenience"

Thanks
Prady

 

[Blade81]

Hi again,

Uninstall Ask Toolbar if not installed on purpose. Do you use Adobe Acrobat for other duties than pdf conversions?

Open notepad and copy/paste the text in the quotebox below into it:

Driver::
ethzoewk
File::
d:\windows\system32\drivers\ethzoewk.sys

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.1) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Uninstall Macromedia Flash Player 8.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 18.
• Click the
  Download
  button to the right.
• Select Windows on platform combobox and check the box that says:
  Accept License Agreement. Click continue.
  
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

 

[pradykris]

Hi,

I am updating java, flash and acrobat reader as mentioned. I will be running kaspersky as per your instructions. Will post back the kaspersky logs once the scan is complete.

Attatching the ddr and cobofix logs in the mean time.

Thanks
Prady

 

[pradykris]

Hi,

When i try to run kaspersky i get an alert saying

Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program.

I do have a internet connection which is working fine. Not sure what is causing this problem

 

[Blade81]

Hi Prady,

Please reboot and see if you're able to run Kaspersky after that.

If same message still appears then let's try ESET online scanner instead:
* Go here to run an online scanner from ESET.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• Make sure that the option Remove found threats is UNchecked.
• Click Scan
• Wait for the scan to finish
• Copy and paste the log as a reply to this topic.

 

[pradykris]

Here is the log of ESET online scanner attached

 

[Blade81]

Good. Those findings will be cleaned when system restore is resetted and ComboFix uninstalled.

Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis


Now lets uninstall ComboFix:

• Click START then RUN
• Now copy-paste Combofix /uninstall in the runbox and click OK

Please download OTC and save it to desktop.

• Double-click OTC.exe.
• Click the CleanUp! button.
• Select Yes when the
  Begin cleanup Process?
  prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

• hosts file:
  • Every version of windows has a hosts file as part of them.
  • In a very basic sense, they are used to locate webpages.
  • We can customize a hosts file so that it blocks certain webpages.
  • However, it can slow down certain computers.
  • This is why using a hosts file is optional!!
  Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
  If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
  1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
• Run Secunia vulnerability check here and fix its findings.
• Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
  If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

 

[pradykris]

Hi ,

I still get the windows security icon near right bottom on the taskbar. which really was the start of this problem when i accidently clicked it.

This had come when i ran the eset online scanner with my avg antivirus disabled

Thanks