Need help! Huge infestation!

by shadowkun » October 13th, 2006, 4:05 pm

Hi! I need help, I got swamped with malware... constant popups and something continuously eats away the PC's resources! Any and all help will be greatly appreciated. Thanks in advance!

Here's the log (I had to manually kill one offensive process, it was eating up 99% of system resources on startup):

Logfile of HijackThis v1.99.1
Scan saved at 4:02:02 PM, on 10/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\Explorer.exe
E:\WINDOWS\TVM\command.exe
E:\WINDOWS\eiRecvr.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ITE\Smart Guardian\ITESMART.exe
E:\WINDOWS\System32\RunDLL32.exe
E:\Program Files\Network Monitor\netmon.exe
E:\WINDOWS\System32\mysvcc.exe
E:\WINDOWS\System32\algs.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\WINDOWS\system32\nlc.exe
E:\Program Files\AGEIA Technologies\TrayIcon.exe
E:\Program Files\Winamp\Winampa.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\System32\RUNDLL32.EXE
C:\dfndrff_e28.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\palmOne\Hotsync.exe
E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
E:\WINDOWS\System32\wuauclt.exe
E:\Program Files\Opera\Opera.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Documents and Settings\Maciek\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\nlc.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\System32\userinit.exe,E:\WINDOWS\system32\nlc.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - E:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - E:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmartGuardian] E:\Program Files\ITE\Smart Guardian\ITESMART.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [Application Layer Gateway Service] E:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Latency Controller] E:\WINDOWS\system32\nlc.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] E:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [oekc62d5] RUNDLL32.EXE w00e3a17.dll,n 005c62d00000000a00e3a17
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e28.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e28.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e28.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 1.1.5.lnk = E:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Startup: palmOne Registration.lnk = E:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = E:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9596952468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9597209296
O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\TVM\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Windows Sheduler (Microsoft Windows Scheduled Tasker) - Unknown owner - E:\WINDOWS\eiRecvr.exe
O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Network Latency Controller (nlc) - Unknown owner - E:\WINDOWS\system32\nlc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
shadowkun
Active Member
 
Posts: 5
Joined: October 13th, 2006, 3:43 pm

by random/random » October 13th, 2006, 4:44 pm

You appear to have a password stealing trojan on your PC. I would strongly recommend that you change all your passwords immediately from a clean computer.

Copy the contents of the code box below to a notepad window

Code:
sc stop cmdService
sc delete cmdService
sc stop "Microsoft Windows Scheduled Tasker"
sc delete "Microsoft Windows Scheduled Tasker"
sc stop "Network Monitor"
sc delete "Network Monitor"
sc stop nlc
sc delete nlc


Save it to the desktop as killservices.bat making sure that save as type is set to all files

Go to Start> Control Panel> Add or Remove Programs.

Remove the following programs, if they are present.

  • The search accelerator
  • VS toolbar

Reveal Hidden Files
  1. Click Start.
  2. Open My Computer.
  3. Select the Tools menu.
  4. Click Folder Options.
  5. Select the View Tab.
  6. Select Show hidden files and folders in the Hidden files and folders section.
  7. Uncheck Hide protected operating system files (recommended) option.
  8. Uncheck the Hide file extensions for known file types option.
  9. Click Yes.
  10. Click OK.


Download and unzip BFU.zip from here.
Run the program and click the Web button as shown by the blue arrow below:
Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/alcanshorty.bfu

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html

Restart

Double click on killservices.bat

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\nlc.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\System32\userinit.exe,E:\WINDOWS\system32\nlc.exe
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - E:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - E:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Application Layer Gateway Service] E:\WINDOWS\System32\algs.exe
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Latency Controller] E:\WINDOWS\system32\nlc.exe
O4 - HKLM\..\Run: [oekc62d5] RUNDLL32.EXE w00e3a17.dll,n 005c62d00000000a00e3a17
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e28.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e28.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e28.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\TVM\command.exe
O23 - Service: Windows Windows Sheduler (Microsoft Windows Scheduled Tasker) - Unknown owner - E:\WINDOWS\eiRecvr.exe
O23 - Service: Network Monitor - Unknown owner - E:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Network Latency Controller (nlc) - Unknown owner - E:\WINDOWS\system32\nlc.exe

Then close all windows except HijackThis and click Fix Checked

Restart

Use windows explorer to find and delete these files:

E:\WINDOWS\system32\nlc.exe
E:\WINDOWS\System32\algs.exe
E:\WINDOWS\TVM\command.exe
E:\WINDOWS\eiRecvr.exe

And these folders:

E:\Program Files\TheSearchAccelerator\
E:\Program Files\VSToolbar\
E:\Program Files\Network Monitor\

We need to do a search. Start | Search | For Files and Folders.
Expand Search Options, check Advanced Options, check Search system folders, Search hidden files and folders, and Search Subfolders.
Paste this into the Search for files and folders named box:

mysvcc.exe

If any of these files are found please delete them.

Repeat for this file


w00e3a17.dll


Run an online virus scan called Kaspersky from HERE.

1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. Press "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next" > "Scan Settings", and make sure the database is set to "extended", and check both the scan options. Then click OK.
5. Then click on "My Computer", and the scan will start.
6. Once finished, save a log as ".txt" to the desktop, and restart.


Rename HijackThis.exe to look.exe

Post back with the Kaspersky log and a new HijackThis log
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

by shadowkun » October 13th, 2006, 6:57 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 13, 2006 6:52:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 14/10/2006
Kaspersky Anti-Virus database records: 218348
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
E:\WINDOWS
E:\DOCUME~1\Maciek\LOCALS~1\Temp\

Scan Statistics:
Total number of scanned objects: 13125
Number of viruses found: 6
Number of infected objects: 7 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:12:26

Infected Object Name / Virus Name / Last Action
E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
E:\WINDOWS\SchedLgU.Txt Object is locked skipped
E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\default Object is locked skipped
E:\WINDOWS\system32\config\default.LOG Object is locked skipped
E:\WINDOWS\system32\config\drpep.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
E:\WINDOWS\system32\config\SAM Object is locked skipped
E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\SECURITY Object is locked skipped
E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
E:\WINDOWS\system32\config\software Object is locked skipped
E:\WINDOWS\system32\config\software.LOG Object is locked skipped
E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\system Object is locked skipped
E:\WINDOWS\system32\config\system.LOG Object is locked skipped
E:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
E:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
E:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
E:\WINDOWS\system32\kt4ol7h31.dll Object is locked skipped
E:\WINDOWS\system32\mvj8l91u1.dll Object is locked skipped
E:\WINDOWS\system32\mysvcc.exe Infected: Backdoor.Win32.SdBot.awk skipped
E:\WINDOWS\system32\oekc62d5.dll Infected: Trojan-Downloader.Win32.Agent.awb skipped
E:\WINDOWS\system32\qaz Infected: Trojan-Downloader.BAT.Ftp.cb skipped
E:\WINDOWS\system32\recsl.exe Infected: Backdoor.Win32.SdBot.awk skipped
E:\WINDOWS\system32\w00e3a17.dll Infected: Trojan-Downloader.Win32.Agent.aol skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
E:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\DOCUME~1\Maciek\LOCALS~1\Temp\Perflib_Perfdata_1dc.dat Object is locked skipped
E:\DOCUME~1\Maciek\LOCALS~1\Temp\Perflib_Perfdata_b80.dat Object is locked skipped
E:\DOCUME~1\Maciek\LOCALS~1\Temp\~DF31AA.tmp Object is locked skipped
E:\DOCUME~1\Maciek\LOCALS~1\Temp\~DF577A.tmp Object is locked skipped

Scan process completed.

and Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 6:52:50 PM, on 10/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\Explorer.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ITE\Smart Guardian\ITESMART.exe
E:\WINDOWS\System32\RunDLL32.exe
E:\WINDOWS\System32\mysvcc.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\AGEIA Technologies\TrayIcon.exe
E:\Program Files\Winamp\Winampa.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\palmOne\Hotsync.exe
E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Opera\Opera.exe
H:\emule\emule.exe
E:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe
E:\Documents and Settings\Maciek\Desktop\look.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\nlc.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\System32\userinit.exe,E:\WINDOWS\system32\nlc.exe
O2 - BHO: (no name) - {7D00738B-6974-4794-98D4-DE79A07ECD81} - E:\WINDOWS\System32\jkkkkjk.dll
O2 - BHO: (no name) - {ECDEDD3D-A4B1-4E13-B702-D71DFF1E71A2} - E:\WINDOWS\System32\ddabc.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmartGuardian] E:\Program Files\ITE\Smart Guardian\ITESMART.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] E:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Latency Controller] E:\WINDOWS\system32\nlc.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e28.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 1.1.5.lnk = E:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Startup: palmOne Registration.lnk = E:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = E:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9596952468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9597209296
O20 - Winlogon Notify: ddabc - E:\WINDOWS\System32\ddabc.dll
O20 - Winlogon Notify: jkkkkjk - E:\WINDOWS\SYSTEM32\jkkkkjk.dll
O20 - Winlogon Notify: ModuleUsage - E:\WINDOWS\system32\kt4ol7h31.dll
O20 - Winlogon Notify: SharedDLLs - E:\WINDOWS\system32\ptfmgr.dll (file missing)
O20 - Winlogon Notify: URL - E:\WINDOWS\system32\ptfmgr.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Network Latency Controller (nlc) - Unknown owner - E:\WINDOWS\system32\nlc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe


I don't get the annoying slowdowns anymore, though popups on IE and Opera still occur. The annoying messages on startup disappeared, but windows keeps putting up an error that it couldn't find nlc.exe. Thanks for the help, let's hope we can clean it up entirely!
shadowkun
Active Member
 
Posts: 5
Joined: October 13th, 2006, 3:43 pm

by random/random » October 14th, 2006, 5:46 am

Unfortunately it looks like one of the infections that hid from HijackThis before it was renamed has stopped most of the fixes, so I'll need you to repeat some things you have already done.

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Restart

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Download and unzip BFU.zip from here.
Run the program and click the Web button as shown by the blue arrow below:
Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/alcanshorty.bfu

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html

Double click on killservices.bat

Restart

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\nlc.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\System32\userinit.exe,E:\WINDOWS\system32\nlc.exe
O2 - BHO: (no name) - {7D00738B-6974-4794-98D4-DE79A07ECD81} - E:\WINDOWS\System32\jkkkkjk.dll
O2 - BHO: (no name) - {ECDEDD3D-A4B1-4E13-B702-D71DFF1E71A2} - E:\WINDOWS\System32\ddabc.dll
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Microsoft (R) Windows Network Latency Controller] E:\WINDOWS\system32\nlc.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e28.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O20 - Winlogon Notify: ddabc - E:\WINDOWS\System32\ddabc.dll
O20 - Winlogon Notify: jkkkkjk - E:\WINDOWS\SYSTEM32\jkkkkjk.dll
O20 - Winlogon Notify: ModuleUsage - E:\WINDOWS\system32\kt4ol7h31.dll
O20 - Winlogon Notify: SharedDLLs - E:\WINDOWS\system32\ptfmgr.dll (file missing)
O20 - Winlogon Notify: URL - E:\WINDOWS\system32\ptfmgr.dll (file missing)
O23 - Service: Windows Network Latency Controller (nlc) - Unknown owner - E:\WINDOWS\system32\nlc.exe (file missing)

Then close all windows except HijackThis and click Fix Checked

Restart

Use windows explorer to find and delete these files:

E:\WINDOWS\System32\mysvcc.exe
E:\WINDOWS\System32\ddabc.dll
E:\WINDOWS\SYSTEM32\jkkkkjk.dll
E:\WINDOWS\system32\kt4ol7h31.dll
E:\WINDOWS\system32\ptfmgr.dll
E:\WINDOWS\system32\config\drpep.exe
E:\WINDOWS\system32\i
E:\WINDOWS\system32\oekc62d5.dll
E:\WINDOWS\system32\qaz
E:\WINDOWS\system32\recsl.exe
E:\WINDOWS\system32\w00e3a17.dll

Post back with
  • The contents of C:\vundofix.txt
  • The combofix log
  • A new HijackThis log
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm
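
As an added example (not part of the original thread and not code from HijackThis or any other tool named in it), the Python below parses HijackThis entry lines and flags four patterns shared by several of the entries selected for fixing in the replies above: a Shell or UserInit value that starts an extra program, a Run entry that launches an .exe from a drive root, a service with "Unknown owner", and an entry marked "(file missing)". The function names and the heuristics are assumptions made for illustration, and a flag means "review this entry", not "this is malware".

```python
import re

# Constructed sample: entry lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe E:\WINDOWS\system32\nlc.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\System32\userinit.exe,E:\WINDOWS\system32\nlc.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e28.exe
O20 - Winlogon Notify: SharedDLLs - E:\WINDOWS\system32\ptfmgr.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\TVM\command.exe
O23 - Service: Windows Network Latency Controller (nlc) - Unknown owner - E:\WINDOWS\system32\nlc.exe (file missing)
"""

# "F2 - ...", "O4 - ...", "O23 - ..." : section code, separator, entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of a registry Run entry: "HKLM\..\Run: [value name] command line".
RUN_RE = re.compile(r"^(?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Executable sitting directly in a drive root, e.g. C:\\dfndrff_e28.exe.
DRIVE_ROOT_EXE_RE = re.compile(r'^"?[A-Za-z]:\\+[^\\"]+\.exe(?=["\s]|$)', re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, body) for each HijackThis entry line; other lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def triage(section, body):
    """Return the list of review reasons for one entry (empty if none apply)."""
    reasons = []
    lowered = body.lower()

    if section == "F2":
        key, _, value = body.partition("=")
        key = key.lower()
        if key.endswith("shell") and value.strip().lower() != "explorer.exe":
            reasons.append("Shell starts something besides Explorer.exe")
        if key.endswith("userinit"):
            # The value is a comma-separated list; only userinit.exe is expected.
            extras = [p for p in value.split(",")
                      if p.strip() and not p.strip().lower().endswith("userinit.exe")]
            if extras:
                reasons.append("UserInit starts an extra program")

    if section == "O4":
        run = RUN_RE.match(body)
        if run and DRIVE_ROOT_EXE_RE.match(run.group("cmd")):
            reasons.append("Run entry launches an .exe from a drive root")

    if section == "O23" and "unknown owner" in lowered:
        reasons.append("service binary has no identified owner")

    if lowered.endswith("(file missing)"):
        reasons.append("entry still registered but its file is missing")

    return reasons


def flag_log(log_text):
    """Return [(section, body, reasons)] for entries matching at least one heuristic."""
    flagged = []
    for section, body in parse_entries(log_text):
        reasons = triage(section, body)
        if reasons:
            flagged.append((section, body, reasons))
    return flagged


if __name__ == "__main__":
    for section, body, reasons in flag_log(SAMPLE_LOG):
        print(f"{section}: {body}")
        for reason in reasons:
            print(f"    - {reason}")
```

Entries such as `algs.exe` and `mysvcc.exe`, which the helper also selected, match none of these four patterns, so the output is a starting list for review and not a substitute for reading the whole log.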

by shadowkun » October 14th, 2006, 8:33 am

Thanks so much for helping me, here are the three logs:

Combofix:

Maciek - 06-10-14 8:08:44.85 Service Pack 1
ComboFix 06.10.08W - Running from: E:\Documents and Settings\Maciek\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{e931a859-aa8c-4feb-8c19-a0c2303453e7}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{e931a859-aa8c-4feb-8c19-a0c2303453e7}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{e931a859-aa8c-4feb-8c19-a0c2303453e7}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{e931a859-aa8c-4feb-8c19-a0c2303453e7}\InprocServer32]
@="E:\\WINDOWS\\system32\\ptfmgr.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{c7289afa-9881-4924-862c-562449d3abf5}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{c7289afa-9881-4924-862c-562449d3abf5}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{c7289afa-9881-4924-862c-562449d3abf5}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{c7289afa-9881-4924-862c-562449d3abf5}\InprocServer32]
@="E:\\WINDOWS\\system32\\wkpcd.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{09ecb4bb-38de-4ab8-9ecf-55ed0763ec2e}]
@=""

[HKEY_CLASSES_ROOT\clsid\{09ecb4bb-38de-4ab8-9ecf-55ed0763ec2e}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{09ecb4bb-38de-4ab8-9ecf-55ed0763ec2e}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{09ecb4bb-38de-4ab8-9ecf-55ed0763ec2e}\InprocServer32]
@="E:\\WINDOWS\\system32\\dzwsockx.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{5aa3a279-452a-43c6-b46e-890376ac7495}]
@=""

[HKEY_CLASSES_ROOT\clsid\{5aa3a279-452a-43c6-b46e-890376ac7495}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{5aa3a279-452a-43c6-b46e-890376ac7495}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{5aa3a279-452a-43c6-b46e-890376ac7495}\InprocServer32]
@="E:\\WINDOWS\\system32\\dimsadsn.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

E:\WINDOWS\system32\dimsadsn.dll
E:\WINDOWS\system32\dn6m01j1e.dll
E:\WINDOWS\system32\dnj4011qe.dll
E:\WINDOWS\system32\dzwsockx.dll
E:\WINDOWS\system32\enrml1911.dll
E:\WINDOWS\system32\k0440ahqed4e0.dll
E:\WINDOWS\system32\kt4ol7h31.dll
E:\WINDOWS\system32\mvj8l91u1.dll
E:\WINDOWS\system32\mxupgrd.dll
E:\WINDOWS\system32\t88u0il9e8q.dll
E:\WINDOWS\system32\guard.tmp


Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


E:\WINDOWS\uninstall_nmon.vbs
E:\WINDOWS\system32\atmtd.dll
E:\WINDOWS\system32\atmtd.dll._
E:\WINDOWS\system32\w00e3a17.dll
E:\Documents and Settings\LocalService\Application Data\NetMon


((((((((((((((((((((((((((((((( Files Created from 2006-09-14 to 2006-10-14 ))))))))))))))))))))))))))))))))))


2006-10-13 17:44 50,912 --a------ E:\WINDOWS\iconu.exe
2006-10-13 17:08 40,973 ---hs---- E:\WINDOWS\system32\mljhffd.dll
2006-10-13 15:58 40,973 ---hs---- E:\WINDOWS\system32\qomnllk.dll
2006-10-13 15:26 42,736 --a------ E:\WINDOWS\icont.exe
2006-10-13 15:11 40,973 ---hs---- E:\WINDOWS\system32\jkkkkjk.dll
2006-10-13 13:38 98,324 --a------ E:\WINDOWS\system32\wchrqjbs.dll
2006-10-13 13:38 403,337 ---hs---- E:\WINDOWS\system32\cbadd.bak1
2006-10-13 13:38 143,380 --a------ E:\WINDOWS\system32\mwlbyaci.exe
2006-10-13 13:37 684,084 ---hs---- E:\WINDOWS\system32\ddabc.dll
2006-10-13 13:02 61,952 --a------ E:\WINDOWS\system32\oekc62d5.dll
2006-10-13 13:02 1,259 --a------ E:\WINDOWS\system32\oekc62d5.sys
2006-10-13 13:01 40,973 ---hs---- E:\WINDOWS\system32\pmnlijg.dll
2006-10-12 18:33 80,384 -r-hs---- E:\WINDOWS\eiRecvr.exe
2006-10-11 20:56 40,960 --a------ E:\WINDOWS\system32\psfind.dll
2006-10-11 20:56 1,060,864 --a------ E:\WINDOWS\system32\mfc71.dll
2006-10-09 18:23 69,632 --a------ E:\WINDOWS\uinst001.exe
2006-10-05 23:35 327,168 --a------ E:\WINDOWS\IsUninst.exe
2006-10-05 23:27 16,694 --a------ E:\WINDOWS\system32\drivers\PalmUSBD.sys
2006-10-05 23:09 53,248 --a------ E:\WINDOWS\PalmDevC.dll
2006-10-05 15:12 62,744 --a------ E:\WINDOWS\system32\xinput1_2.dll
2006-10-05 15:12 236,824 --a------ E:\WINDOWS\system32\xactengine2_3.dll
2006-10-04 08:11 2,297,552 --a------ E:\WINDOWS\system32\d3dx9_26.dll
2006-10-02 21:50 0 --a------ E:\WINDOWS\system32\setup_41812.exe
2006-10-02 21:27 983,101 --a------ E:\WINDOWS\system32\LXBLGF.DLL
2006-10-02 21:27 90,112 --a------ E:\WINDOWS\system32\LXBLCUR.DLL
2006-10-02 21:27 86,016 --a------ E:\WINDOWS\system32\LXBLIH.EXE
2006-10-02 21:27 77,824 --a------ E:\WINDOWS\system32\LXBLLCNP.DLL
2006-10-02 21:27 73,728 --a------ E:\WINDOWS\system32\lxblpwr.dll
2006-10-02 21:27 69,632 --a------ E:\WINDOWS\system32\LXBLCU.DLL
2006-10-02 21:27 544,768 --a------ E:\WINDOWS\system32\LXBLLSNT.EXE
2006-10-02 21:27 454,656 --a------ E:\WINDOWS\system32\LXBLJSWR.DLL
2006-10-02 21:27 40,960 --a------ E:\WINDOWS\system32\lxblvs.dll
2006-10-02 21:27 40,960 --a------ E:\WINDOWS\system32\INSTMON.EXE
2006-10-02 21:27 339,968 --a------ E:\WINDOWS\system32\LXBLUTIL.DLL
2006-10-02 21:27 307,200 --a------ E:\WINDOWS\system32\LEXBCES.EXE
2006-10-02 21:27 299,520 --a------ E:\WINDOWS\uninst.exe
2006-10-02 21:27 286,720 --a------ E:\WINDOWS\system32\LXBLPMNT.DLL
2006-10-02 21:27 286,720 --a------ E:\WINDOWS\system32\lxblcomm.dll
2006-10-02 21:27 217,088 --a------ E:\WINDOWS\system32\LXBLLCNT.DLL
2006-10-02 21:27 201,216 --a------ E:\WINDOWS\system32\LEXP2P32.DLL
2006-10-02 21:27 200,192 --a------ E:\WINDOWS\system32\LEXLMPM.DLL
2006-10-02 21:27 197,120 --a------ E:\WINDOWS\system32\LEX2KUSB.DLL
2006-10-02 21:27 174,592 --a------ E:\WINDOWS\system32\LEXPPS.EXE
2006-10-02 21:27 155,648 --a------ E:\WINDOWS\system32\LEXPING.EXE
2006-10-02 21:27 147,456 --a------ E:\WINDOWS\system32\LEXBCE.DLL
2006-10-02 21:27 126,976 --a------ E:\WINDOWS\system32\LXBLCFG.EXE
2006-10-02 20:46 24,960 --a------ E:\WINDOWS\system32\drivers\usbprint.sys
2006-10-02 13:45 98,304 --a------ E:\WINDOWS\system32\CmdLineExt.dll
2006-10-01 20:23 761,856 --a------ E:\WINDOWS\system32\xvidcore.dll
2006-10-01 20:23 180,224 --a------ E:\WINDOWS\system32\xvidvfw.dll
2006-10-01 10:53 816,264 --a------ E:\WINDOWS\system32\wmvdmod.dll
2006-10-01 10:53 760,968 --a------ E:\WINDOWS\system32\wmsdmod.dll
2006-10-01 10:53 486,536 --a------ E:\WINDOWS\system32\wmspdmod.dll
2006-10-01 10:53 410,248 --a------ E:\WINDOWS\system32\wmadmod.dll
2006-10-01 10:53 384,512 --a------ E:\WINDOWS\system32\mp4sdmod.dll
2006-10-01 10:53 316,040 --a------ E:\WINDOWS\system32\mp43dmod.dll
2006-10-01 10:53 241,664 --a------ E:\WINDOWS\system32\mpg4dmod.dll
2006-09-30 07:25 593,408 --a------ E:\WINDOWS\system32\h323msp.dll
2006-09-30 07:25 548,352 --a------ E:\WINDOWS\system32\rtcdll.dll
2006-09-30 07:25 439,808 --a------ E:\WINDOWS\system32\ipnathlp.dll
2006-09-30 07:25 26,112 --a------ E:\WINDOWS\system32\xpsp1hfm.exe
2006-09-30 07:22 947,472 --a------ E:\WINDOWS\system32\msjava.dll
2006-09-30 07:22 63,248 --a------ E:\WINDOWS\system32\javaprxy.dll
2006-09-30 07:22 49,424 --a------ E:\WINDOWS\system32\clspack.exe
2006-09-30 07:22 46,352 --a------ E:\WINDOWS\setdebug.exe
2006-09-30 07:22 404,752 --a------ E:\WINDOWS\system32\javart.dll
2006-09-30 07:22 313,856 --a------ E:\WINDOWS\system32\dx3j.dll
2006-09-30 07:22 286,992 --a------ E:\WINDOWS\system32\vmhelper.dll
2006-09-30 07:22 21,264 --a------ E:\WINDOWS\system32\msjdbc10.dll
2006-09-30 07:22 187,152 --a------ E:\WINDOWS\system32\javacypt.dll
2006-09-30 07:22 172,304 --a------ E:\WINDOWS\system32\jview.exe
2006-09-30 07:22 171,792 --a------ E:\WINDOWS\system32\wjview.exe
2006-09-30 07:22 171,280 --a------ E:\WINDOWS\system32\jit.dll
2006-09-30 07:22 154,384 --a------ E:\WINDOWS\system32\msawt.dll
2006-09-30 07:22 15,120 --a------ E:\WINDOWS\system32\jdbgmgr.exe
2006-09-30 07:22 139,536 --a------ E:\WINDOWS\system32\javaee.dll
2006-09-30 07:22 113 --a------ E:\WINDOWS\system32\zonedon.reg
2006-09-30 07:22 113 --a------ E:\WINDOWS\system32\zonedoff.reg
2006-09-29 23:58 611,064 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2006-09-29 23:46 991,232 --a------ E:\WINDOWS\system32\esent.dll
2006-09-29 23:36 78,567 --a------ E:\WINDOWS\system32\recsl.exe
2006-09-29 23:26 7,680 --------- E:\WINDOWS\system32\bitsprx2.dll
2006-09-29 23:26 7,168 --------- E:\WINDOWS\system32\bitsprx3.dll
2006-09-29 23:26 331,776 --a------ E:\WINDOWS\system32\winhttp.dll
2006-09-29 23:26 22,752 --a------ E:\WINDOWS\system32\spupdsvc.exe
2006-09-29 23:26 17,408 --a------ E:\WINDOWS\system32\qmgrprxy.dll
2006-09-29 23:15 465,176 --a------ E:\WINDOWS\system32\wuapi.dll
2006-09-29 23:15 41,240 --a------ E:\WINDOWS\system32\wups.dll
2006-09-29 23:15 194,328 --a------ E:\WINDOWS\system32\wuaueng1.dll
2006-09-29 23:15 172,312 --a------ E:\WINDOWS\system32\wuauclt1.exe
2006-09-29 23:15 127,256 --a------ E:\WINDOWS\system32\wucltui.dll
2006-09-29 21:20 98,816 --a------ E:\WINDOWS\system32\dmstyle.dll
2006-09-29 21:20 974,848 --a------ E:\WINDOWS\system32\dxdiag.exe
2006-09-29 21:20 83,968 --a------ E:\WINDOWS\system32\drivers\nabtsfec.sys
2006-09-29 21:20 80,896 --a------ E:\WINDOWS\system32\dpvsetup.exe
2006-09-29 21:20 8,192 --a------ E:\WINDOWS\system32\d3d8thk.dll
2006-09-29 21:20 797,184 --a------ E:\WINDOWS\system32\d3dim700.dll
2006-09-29 21:20 79,360 --a------ E:\WINDOWS\system32\dpwsockx.dll
2006-09-29 21:20 77,824 --a------ E:\WINDOWS\system32\dpmodemx.dll
2006-09-29 21:20 76,800 --a------ E:\WINDOWS\system32\dmscript.dll
2006-09-29 21:20 733,184 --a------ E:\WINDOWS\system32\qedwipes.dll
2006-09-29 21:20 723,968 --a------ E:\WINDOWS\system32\dpnet.dll
2006-09-29 21:20 7,424 --a------ E:\WINDOWS\system32\drivers\mskssrv.sys
2006-09-29 21:20 68,096 --a------ E:\WINDOWS\system32\dpnhupnp.dll
2006-09-29 21:20 667,648 --a------ E:\WINDOWS\system32\dinput8.dll
2006-09-29 21:20 648,704 --a------ E:\WINDOWS\system32\dinput.dll
2006-09-29 21:20 64,512 --a------ E:\WINDOWS\system32\amstream.dll
2006-09-29 21:20 62,672 --a------ E:\WINDOWS\system32\dxdllreg.exe
2006-09-29 21:20 602,624 --a------ E:\WINDOWS\system32\dx7vb.dll
2006-09-29 21:20 58,368 --a------ E:\WINDOWS\system32\dmcompos.dll
2006-09-29 21:20 52,096 --a------ E:\WINDOWS\system32\drivers\msdv.sys
2006-09-29 21:20 5,504 --a------ E:\WINDOWS\system32\drivers\mstee.sys
2006-09-29 21:20 5,248 --a------ E:\WINDOWS\system32\drivers\mspclock.sys
2006-09-29 21:20 491,520 --a------ E:\WINDOWS\system32\dsdmoprp.dll
2006-09-29 21:20 48,512 --a------ E:\WINDOWS\system32\drivers\stream.sys
2006-09-29 21:20 470,528 --a------ E:\WINDOWS\system32\qdvd.dll
2006-09-29 21:20 47,104 --a------ E:\WINDOWS\system32\wstdecod.dll
2006-09-29 21:20 467,968 --a------ E:\WINDOWS\system32\diactfrm.dll
2006-09-29 21:20 4,608 --a------ E:\WINDOWS\system32\drivers\mspqm.sys
2006-09-29 21:20 4,096 --a------ E:\WINDOWS\system32\ksuser.dll
2006-09-29 21:20 4,096 --a------ E:\WINDOWS\system32\drivers\swenum.sys
2006-09-29 21:20 381,952 --a------ E:\WINDOWS\system32\dsound.dll
2006-09-29 21:20 381,952 --a------ E:\WINDOWS\system32\dpvoice.dll
2006-09-29 21:20 354,816 --a------ E:\WINDOWS\system32\psisdecd.dll
2006-09-29 21:20 34,304 --a------ E:\WINDOWS\system32\mciqtz32.dll
2006-09-29 21:20 33,280 --a------ E:\WINDOWS\system32\dmloader.dll
2006-09-29 21:20 324,096 --a------ E:\WINDOWS\system32\mswebdvd.dll
2006-09-29 21:20 32,768 --a------ E:\WINDOWS\system32\dpnhpast.dll
2006-09-29 21:20 316,928 --a------ E:\WINDOWS\system32\qdv.dll
2006-09-29 21:20 31,744 --a------ E:\WINDOWS\system32\pid.dll
2006-09-29 21:20 3,072 --a------ E:\WINDOWS\system32\dpnlobby.dll
2006-09-29 21:20 3,072 --a------ E:\WINDOWS\system32\dpnaddr.dll
2006-09-29 21:20 292,864 --a------ E:\WINDOWS\system32\ddraw.dll
2006-09-29 21:20 28,160 --a------ E:\WINDOWS\system32\dplaysvr.exe
2006-09-29 21:20 27,136 --a------ E:\WINDOWS\system32\dmband.dll
2006-09-29 21:20 257,024 --a------ E:\WINDOWS\system32\qcap.dll
2006-09-29 21:20 24,064 --a------ E:\WINDOWS\system32\ddrawex.dll
2006-09-29 21:20 230,400 --a------ E:\WINDOWS\system32\dplayx.dll
2006-09-29 21:20 223,232 --a------ E:\WINDOWS\system32\gcdef.dll
2006-09-29 21:20 19,968 --a------ E:\WINDOWS\system32\dpvacm.dll
2006-09-29 21:20 186,880 --a------ E:\WINDOWS\system32\dsdmo.dll
2006-09-29 21:20 181,248 --a------ E:\WINDOWS\system32\dmime.dll
2006-09-29 21:20 18,944 --a------ E:\WINDOWS\system32\encapi.dll
2006-09-29 21:20 18,688 --a------ E:\WINDOWS\system32\drivers\wstcodec.sys
2006-09-29 21:20 18,432 --a------ E:\WINDOWS\system32\dswave.dll
2006-09-29 21:20 173,056 --a------ E:\WINDOWS\system32\qasf.dll
2006-09-29 21:20 16,896 --a------ E:\WINDOWS\system32\msyuv.dll
2006-09-29 21:20 16,896 --a------ E:\WINDOWS\system32\dpnsvr.exe
2006-09-29 21:20 16,384 --a------ E:\WINDOWS\system32\drivers\ccdecode.sys
2006-09-29 21:20 15,104 --a------ E:\WINDOWS\system32\drivers\mpe.sys
2006-09-29 21:20 14,976 --a------ E:\WINDOWS\system32\drivers\streamip.sys
2006-09-29 21:20 132,608 --a------ E:\WINDOWS\system32\devenum.dll
2006-09-29 21:20 130,304 --a------ E:\WINDOWS\system32\drivers\ks.sys
2006-09-29 21:20 13,312 --a------ E:\WINDOWS\system32\msdmo.dll
2006-09-29 21:20 122,880 --a------ E:\WINDOWS\system32\dmusic.dll
2006-09-29 21:20 112,128 --a------ E:\WINDOWS\system32\dpvvox.dll
2006-09-29 21:20 11,392 --a------ E:\WINDOWS\system32\drivers\bdasup.sys
2006-09-29 21:20 100,864 --a------ E:\WINDOWS\system32\dmsynth.dll
2006-09-29 21:20 10,880 --a------ E:\WINDOWS\system32\drivers\slip.sys
2006-09-29 21:20 10,112 --a------ E:\WINDOWS\system32\drivers\ndisip.sys
2006-09-29 21:20 1,798,144 --a------ E:\WINDOWS\system32\qedit.dll
2006-09-29 21:20 1,769,472 --a------ E:\WINDOWS\system32\dxdiagn.dll
2006-09-29 21:20 1,689,088 --a------ E:\WINDOWS\system32\d3d9.dll
2006-09-29 21:20 1,294,336 --a------ E:\WINDOWS\system32\dsound3d.dll
2006-09-29 21:20 1,230,336 --a------ E:\WINDOWS\system32\msvidctl.dll
2006-09-29 21:20 1,201,152 --a------ E:\WINDOWS\system32\d3d8.dll
2006-09-29 21:20 1,189,888 --a------ E:\WINDOWS\system32\dx8vb.dll
2006-09-29 09:13 208,896 --a------ E:\WINDOWS\system32\nvudisp.exe
2006-09-29 09:08 6,080 --a------ E:\WINDOWS\system32\drivers\zntport.sys
2006-09-29 09:08 46,080 -ra------ E:\WINDOWS\system32\itevio.dll
2006-09-29 09:08 118,784 -ra------ E:\WINDOWS\system32\Msstdfmt.dll
2006-09-29 09:08 102,912 -ra------ E:\WINDOWS\system32\Ntport.dll
2006-09-29 09:03 77,440 --a------ E:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-29 09:03 577,536 -r------- E:\WINDOWS\soundman.exe
2006-09-29 09:03 57,856 --a------ E:\WINDOWS\system32\drivers\drmk.sys
2006-09-29 09:03 56,832 --a------ E:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-29 09:03 54,272 --a------ E:\WINDOWS\system32\drivers\swmidi.sys
2006-09-29 09:03 50,048 --a------ E:\WINDOWS\system32\drivers\DMusic.sys
2006-09-29 09:03 5,888 --a------ E:\WINDOWS\system32\drivers\splitter.sys
2006-09-29 09:03 40,960 -r------- E:\WINDOWS\system32\ChCfg.exe
2006-09-29 09:03 3,844,288 -r------- E:\WINDOWS\system32\drivers\alcxwdm.sys
2006-09-29 09:03 217,088 -ra------ E:\WINDOWS\Alcrmv.exe
2006-09-29 09:03 2,816 --a------ E:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-29 09:03 159,360 --a------ E:\WINDOWS\system32\drivers\kmixer.sys
2006-09-29 09:03 142,208 --a------ E:\WINDOWS\system32\drivers\aec.sys
2006-09-29 09:03 135,168 -r------- E:\WINDOWS\system32\RtlCPAPI.dll
2006-09-29 09:03 134,272 --a------ E:\WINDOWS\system32\drivers\portcls.sys
2006-09-29 09:03 10,477,568 -r------- E:\WINDOWS\system32\RTLCPL.exe
2006-09-29 09:02 307,200 -r------- E:\WINDOWS\alcupd.exe
2006-09-29 09:00 9,728 -ra------ E:\WINDOWS\system32\bdco1ins.dll
2006-09-29 09:00 9,728 -ra------ E:\WINDOWS\system32\bdco1.dll
2006-09-29 09:00 89,856 -ra------ E:\WINDOWS\system32\drivers\nvatabus.sys
2006-09-29 09:00 62,976 --a------ E:\WINDOWS\system32\drivers\pci.sys
2006-09-29 09:00 33,408 -ra------ E:\WINDOWS\system32\drivers\NVENETFD.sys
2006-09-29 09:00 32,256 -ra------ E:\WINDOWS\system32\nvconrm.dll
2006-09-29 09:00 295,424 -ra------ E:\WINDOWS\system32\idecoi.dll
2006-09-29 09:00 261,504 -ra------ E:\WINDOWS\system32\drivers\nvnrm.sys
2006-09-29 09:00 208,896 --a------ E:\WINDOWS\system32\nvusmb.exe
2006-09-29 09:00 208,896 --a------ E:\WINDOWS\system32\nvunrm.exe
2006-09-29 09:00 208,896 --a------ E:\WINDOWS\system32\NVUNINST.EXE
2006-09-29 09:00 208,896 --a------ E:\WINDOWS\system32\nvuide.exe
2006-09-29 09:00 208,256 -ra------ E:\WINDOWS\system32\drivers\nvsnpu.sys
2006-09-29 09:00 201,728 -ra------ E:\WINDOWS\system32\fdco1ins.dll
2006-09-29 09:00 201,728 -ra------ E:\WINDOWS\system32\fdco1.dll
2006-09-29 09:00 16,640 -ra------ E:\WINDOWS\system32\drivers\nvcchflt.sys
2006-09-29 09:00 12,928 -ra------ E:\WINDOWS\system32\drivers\nvnetbus.sys
2006-09-29 08:51 91,136 --a------ E:\WINDOWS\system32\MSOERT2.DLL
2006-09-29 08:51 9,728 --a------ E:\WINDOWS\system32\mstinit.exe
2006-09-29 08:51 77,824 --a------ E:\WINDOWS\system32\isign32.dll
2006-09-29 08:51 73,728 --a------ E:\WINDOWS\system32\ils.dll
2006-09-29 08:51 69,632 --a------ E:\WINDOWS\system32\icwdial.dll
2006-09-29 08:51 69,248 --a------ E:\WINDOWS\system32\drivers\sr.sys
2006-09-29 08:51 65,536 --a------ E:\WINDOWS\system32\msconf.dll
2006-09-29 08:51 64,512 --a------ E:\WINDOWS\system32\acctres.dll
2006-09-29 08:51 63,488 --a------ E:\WINDOWS\system32\srclient.dll
2006-09-29 08:51 61,440 --a------ E:\WINDOWS\system32\icwphbk.dll
2006-09-29 08:51 596,480 --a------ E:\WINDOWS\system32\INETCOMM.DLL
2006-09-29 08:51 47,616 --a------ E:\WINDOWS\system32\INETRES.DLL
2006-09-29 08:51 40,960 --a------ E:\WINDOWS\system32\safrslv.dll
2006-09-29 08:51 39,424 --a------ E:\WINDOWS\system32\safrcdlg.dll
2006-09-29 08:51 361,984 --a------ E:\WINDOWS\system32\qmgr.dll
2006-09-29 08:51 33,280 --a------ E:\WINDOWS\system32\racpldlg.dll
2006-09-29 08:51 32,768 --a------ E:\WINDOWS\system32\mnmsrvc.exe
2006-09-29 08:51 32,256 --a------ E:\WINDOWS\system32\mnmdd.dll
2006-09-29 08:51 28,672 --a------ E:\WINDOWS\system32\isrdbg32.dll
2006-09-29 08:51 266,240 --a------ E:\WINDOWS\system32\inetcfg.dll
2006-09-29 08:51 26,624 --a------ E:\WINDOWS\system32\safrdm.dll
2006-09-29 08:51 250,368 --a------ E:\WINDOWS\system32\mstask.dll
2006-09-29 08:51 24,576 --a------ E:\WINDOWS\system32\nmmkcert.dll
2006-09-29 08:51 229,376 --a------ E:\WINDOWS\system32\MSOEACCT.DLL
2006-09-29 08:51 226,816 --a------ E:\WINDOWS\system32\srrstr.dll
2006-09-29 08:51 16,384 --a------ E:\WINDOWS\system32\icfgnt5.dll
2006-09-29 08:51 159,232 --a------ E:\WINDOWS\system32\schedsvc.dll
2006-09-29 08:51 158,720 --a------ E:\WINDOWS\system32\srsvc.dll
2006-09-29 08:51 12,288 --a------ E:\WINDOWS\system32\nmevtmsg.dll
2006-09-29 08:51 11,264 --a------ E:\WINDOWS\system32\atrace.dll
2006-09-29 08:50 974,336 --a------ E:\WINDOWS\system32\msdtctm.dll
2006-09-29 08:50 9,728 --a------ E:\WINDOWS\system32\reset.exe
2006-09-29 08:50 89,600 --a------ E:\WINDOWS\system32\comrepl.dll
2006-09-29 08:50 85,504 --a------ E:\WINDOWS\system32\catsrvps.dll
2006-09-29 08:50 80,384 --a------ E:\WINDOWS\system32\charmap.exe
2006-09-29 08:50 73,216 --a------ E:\WINDOWS\system32\avwav.dll
2006-09-29 08:50 61,952 --a------ E:\WINDOWS\system32\rdshost.exe
2006-09-29 08:50 605,696 --a------ E:\WINDOWS\system32\getuname.dll
2006-09-29 08:50 6,144 --a------ E:\WINDOWS\system32\msdtc.exe
2006-09-29 08:50 56,832 --a------ E:\WINDOWS\system32\sol.exe
2006-09-29 08:50 55,296 --a------ E:\WINDOWS\system32\freecell.exe
2006-09-29 08:50 54,784 --a------ E:\WINDOWS\system32\msdtclog.dll
2006-09-29 08:50 54,272 --a------ E:\WINDOWS\system32\stclient.dll
2006-09-29 08:50 5,632 --a------ E:\WINDOWS\system32\write.exe
2006-09-29 08:50 5,120 --a------ E:\WINDOWS\system32\dcomcnfg.exe
2006-09-29 08:50 499,200 --a------ E:\WINDOWS\system32\comuid.dll
2006-09-29 08:50 44,544 --a------ E:\WINDOWS\system32\hticons.dll
2006-09-29 08:50 4,096 --a------ E:\WINDOWS\system32\rdpcfgex.dll
2006-09-29 08:50 4,096 --a------ E:\WINDOWS\system32\mtxex.dll
2006-09-29 08:50 35,328 --a------ E:\WINDOWS\system32\winchat.exe
2006-09-29 08:50 33,792 --a------ E:\WINDOWS\system32\regini.exe
2006-09-29 08:50 25,600 --a------ E:\WINDOWS\system32\comaddin.dll
2006-09-29 08:50 25,088 --a------ E:\WINDOWS\system32\mtxlegih.dll
2006-09-29 08:50 227,840 --a------ E:\WINDOWS\system32\avtapi.dll
2006-09-29 08:50 220,672 --a------ E:\WINDOWS\system32\catsrv.dll
2006-09-29 08:50 22,016 --a------ E:\WINDOWS\system32\qwinsta.exe
2006-09-29 08:50 20,992 --a------ E:\WINDOWS\system32\msg.exe
2006-09-29 08:50 20,480 --a------ E:\WINDOWS\system32\mtxdm.dll
2006-09-29 08:50 20,232 --a------ E:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-29 08:50 18,432 --a------ E:\WINDOWS\system32\qprocess.exe
2006-09-29 08:50 179,200 --a------ E:\WINDOWS\system32\accwiz.exe
2006-09-29 08:50 16,896 --a------ E:\WINDOWS\system32\tsshutdn.exe
2006-09-29 08:50 16,896 --a------ E:\WINDOWS\system32\qappsrv.exe
2006-09-29 08:50 16,384 --a------ E:\WINDOWS\system32\tskill.exe
2006-09-29 08:50 16,384 --a------ E:\WINDOWS\system32\avmeter.dll
2006-09-29 08:50 150,528 --a------ E:\WINDOWS\system32\msdtcuiu.dll
2006-09-29 08:50 15,872 --a------ E:\WINDOWS\system32\rwinsta.exe
2006-09-29 08:50 15,872 --a------ E:\WINDOWS\system32\cdmodem.dll
2006-09-29 08:50 15,360 --a------ E:\WINDOWS\system32\logoff.exe
2006-09-29 08:50 147,456 --a------ E:\WINDOWS\system32\comsnap.dll
2006-09-29 08:50 14,848 --a------ E:\WINDOWS\system32\tsdiscon.exe
2006-09-29 08:50 14,848 --a------ E:\WINDOWS\system32\tscon.exe
2006-09-29 08:50 14,848 --a------ E:\WINDOWS\system32\shadow.exe
2006-09-29 08:50 138,752 --a------ E:\WINDOWS\system32\sndvol32.exe
2006-09-29 08:50 126,976 --a------ E:\WINDOWS\system32\mshearts.exe
2006-09-29 08:50 124,416 --a------ E:\WINDOWS\system32\sndrec32.exe
2006-09-29 08:50 119,808 --a------ E:\WINDOWS\system32\winmine.exe
2006-09-29 08:50 114,688 --a------ E:\WINDOWS\system32\calc.exe
2006-09-29 08:50 110,080 --a------ E:\WINDOWS\system32\clbcatex.dll
2006-09-29 08:50 11,776 --a------ E:\WINDOWS\system32\xolehlp.dll
2006-09-29 08:50 11,144 --a------ E:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-29 08:50 1,161 --a------ E:\WINDOWS\system32\usrlogon.cmd
2006-09-29 08:49 98,816 --a------ E:\WINDOWS\system32\clipbrd.exe
2006-09-29 08:49 9,216 --a------ E:\WINDOWS\system32\wuauserv.dll
2006-09-29 08:49 9,216 --a------ E:\WINDOWS\system32\icaapi.dll
2006-09-29 08:49 88,064 --a------ E:\WINDOWS\system32\tscfgwmi.dll
2006-09-29 08:49 75,912 --a------ E:\WINDOWS\system32\rdpwsx.dll
2006-09-29 08:49 598,016 --a------ E:\WINDOWS\system32\mstscax.dll
2006-09-29 08:49 581,632 --a------ E:\WINDOWS\system32\catsrvut.dll
2006-09-29 08:49 57,856 --a------ E:\WINDOWS\system32\licwmi.dll
2006-09-29 08:49 56,320 --a------ E:\WINDOWS\system32\remotepg.dll
2006-09-29 08:49 534,016 --a------ E:\WINDOWS\system32\spider.exe
2006-09-29 08:49 53,248 --a------ E:\WINDOWS\system32\servdeps.dll
2006-09-29 08:49 44,032 --a------ E:\WINDOWS\system32\rdpclip.exe
2006-09-29 08:49 40,960 --a------ E:\WINDOWS\system32\tscupgrd.exe
2006-09-29 08:49 388,608 --a------ E:\WINDOWS\system32\mstsc.exe
2006-09-29 08:49 38,024 --a------ E:\WINDOWS\system32\drivers\termdd.sys
2006-09-29 08:49 368,640 --a------ E:\WINDOWS\system32\msdtcprx.dll
2006-09-29 08:49 339,968 --a------ E:\WINDOWS\system32\mspaint.exe
2006-09-29 08:49 32,768 --a------ E:\WINDOWS\system32\cfgbkend.dll
2006-09-29 08:49 200,192 --a------ E:\WINDOWS\system32\termsrv.dll
2006-09-29 08:49 182,400 --a------ E:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-29 08:49 174,592 --a------ E:\WINDOWS\system32\cmprops.dll
2006-09-29 08:49 16,384 --a------ E:\WINDOWS\system32\mmfutil.dll
2006-09-29 08:49 14,848 --a------ E:\WINDOWS\system32\rdpsnd.dll
2006-09-29 08:49 135,680 --a------ E:\WINDOWS\system32\rdchost.dll
2006-09-29 08:49 129,024 --a------ E:\WINDOWS\system32\sessmgr.exe
2006-09-29 08:49 124,184 --a------ E:\WINDOWS\system32\wuauclt.exe
2006-09-29 08:49 12,288 --a------ E:\WINDOWS\system32\rdsaddin.exe
2006-09-29 08:49 116,736 --a------ E:\WINDOWS\system32\mplay32.exe
2006-09-29 08:49 116,104 --a------ E:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-29 08:49 1,343,768 --a------ E:\WINDOWS\system32\wuaueng.dll
2006-09-29 01:47 99,328 --a------ E:\WINDOWS\system32\irftp.exe
2006-09-29 01:47 78,336 --a------ E:\WINDOWS\system32\irmon.dll
2006-09-29 01:47 7,680 --a------ E:\WINDOWS\system32\wshirda.dll
2006-09-29 01:47 67,072 --a------ E:\WINDOWS\system32\usbui.dll
2006-09-29 01:47 6,400 --a------ E:\WINDOWS\system32\drivers\enum1394.sys
2006-09-29 01:47 56,576 --a------ E:\WINDOWS\system32\drivers\redbook.sys
2006-09-29 01:47 55,296 --a------ E:\WINDOWS\system32\drivers\irda.sys
2006-09-29 01:47 3,072 --a------ E:\WINDOWS\system32\drivers\audstub.sys
2006-09-29 01:47 19,584 --a------ E:\WINDOWS\system32\drivers\rasirda.sys
2006-09-29 01:47 18,688 --a------ E:\WINDOWS\system32\drivers\irsir.sys
2006-09-29 01:46 85,020 --a------ E:\WINDOWS\system32\dgsetup.dll
2006-09-29 01:46 8,192 -ra------ E:\WINDOWS\system32\kbdhept.dll
2006-09-29 01:46 71,168 --a------ E:\WINDOWS\system32\storprop.dll
2006-09-29 01:46 7,168 -ra------ E:\WINDOWS\system32\kbdcz.dll
2006-09-29 01:46 66,048 --a------ E:\WINDOWS\NOTEPAD.EXE
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdycl.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdsl1.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdsl.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdpl.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdhu.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdhela3.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdcz2.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdcz1.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdcr.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\KBDAL.DLL
2006-09-29 01:46 6,656 --a------ E:\WINDOWS\system32\batt.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdtuq.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdtuf.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdlv1.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdlv.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdhela2.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdgkl.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdest.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdycc.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbduzb.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdur.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdtat.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdru1.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdru.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdro.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdpl1.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdmon.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdlt1.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdlt.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdkyr.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdkaz.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdhu1.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdhe319.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdhe220.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdhe.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdbu.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdblr.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdazel.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdaze.dll
2006-09-29 01:46 24,661 --a------ E:\WINDOWS\system32\spxcoins.dll
2006-09-29 01:46 176,157 --a------ E:\WINDOWS\system32\dgrpsetu.dll
2006-09-29 01:46 15,360 --a------ E:\WINDOWS\TASKMAN.EXE
2006-09-29 01:46 13,312 --a------ E:\WINDOWS\system32\irclass.dll
2006-09-29 01:46 103,424 --a------ E:\WINDOWS\system32\EqnClass.Dll
2006-09-29 01:46 10,496 --a------ E:\WINDOWS\system32\drivers\irenum.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-14 07:49 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Skype
2006-10-13 18:33 -------- d-------- E:\Program Files\OpenOffice.org1.1.5
2006-10-13 13:38 -------- d-------- E:\Documents and Settings\Maciek\Application Data\SearchToolbarCorp
2006-10-12 23:11 -------- d-------- E:\Program Files\Plucker
2006-10-12 06:58 -------- d-------- E:\Program Files\Konnekt
2006-10-11 20:48 -------- d--h----- E:\Program Files\InstallShield Installation Information
2006-10-11 20:26 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Gearbox Software
2006-10-09 19:30 -------- d-------- E:\Program Files\mIRC
2006-10-09 19:29 -------- d-------- E:\Documents and Settings\Maciek\Application Data\My Games
2006-10-09 18:25 83 --a------ E:\Documents and Settings\Maciek\Application Data\sversion.ini
2006-10-09 17:42 -------- d-------- E:\Program Files\Microsoft Office
2006-10-09 17:42 -------- d-------- E:\Program Files\Common Files\Microsoft Shared
2006-10-09 17:41 -------- d-------- E:\Program Files\Windows Messaging
2006-10-09 08:42 -------- d-------- E:\Program Files\MarBit
2006-10-08 12:16 -------- d-------- E:\Program Files\Common Files\InstallShield
2006-10-07 20:29 -------- d-------- E:\Program Files\Winamp
2006-10-07 19:22 -------- d-------- E:\Program Files\Mjuice Media Player
2006-10-05 23:56 -------- d-------- E:\Documents and Settings\Maciek\Application Data\AdobeUM
2006-10-05 23:55 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Adobe
2006-10-05 23:35 -------- d-------- E:\Program Files\Adobe
2006-10-05 23:28 -------- d-------- E:\Program Files\palmOne
2006-10-05 23:23 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Help
2006-10-05 23:11 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Leadertech
2006-10-05 23:05 -------- d-------- E:\Documents and Settings\Maciek\Application Data\HotSync
2006-10-04 14:29 -------- d-------- E:\Program Files\Common Files
2006-10-04 08:11 -------- dr-h----- E:\Documents and Settings\Maciek\Application Data\SecuROM
2006-10-04 08:03 -------- d-------- E:\Program Files\Internet Explorer
2006-10-04 07:51 -------- d-------- E:\Documents and Settings\Maciek\Application Data\InstallShield
2006-10-02 21:27 -------- d-------- E:\Program Files\Lexmark Z700-P700 Series
2006-10-02 15:41 -------- d-------- E:\Program Files\Common Files\Adobe
2006-10-02 13:42 -------- d-------- E:\Program Files\AGEIA Technologies
2006-10-02 07:25 -------- d-------- E:\Documents and Settings\Maciek\Application Data\.BitTornado
2006-10-02 07:21 -------- d-------- E:\Program Files\BitTornado
2006-10-01 20:23 -------- d-------- E:\Program Files\XviD
2006-10-01 19:54 -------- d-------- E:\Program Files\ffdshow
2006-10-01 12:04 -------- d-------- E:\Program Files\CDBurnerXP Pro 3
2006-10-01 08:44 -------- d-------- E:\Program Files\Opera
2006-10-01 08:44 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Macromedia
2006-10-01 08:22 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Opera
2006-10-01 08:21 -------- d---s---- E:\Documents and Settings\Maciek\Application Data\Microsoft
2006-09-30 16:14 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Tlen.pl
2006-09-30 16:13 -------- d-------- E:\Program Files\Tlen.pl
2006-09-30 07:29 -------- d-------- E:\Program Files\Skype
2006-09-30 07:25 -------- d-------- E:\Program Files\NetMeeting
2006-09-30 07:22 -------- d-------- E:\Program Files\Windows Media Player
2006-09-30 07:19 -------- d-------- E:\Program Files\Outlook Express
2006-09-30 07:19 -------- d-------- E:\Program Files\Common Files\System
2006-09-30 07:18 -------- d-------- E:\Program Files\Messenger
2006-09-30 07:01 -------- d-------- E:\Program Files\DAEMON Tools
2006-09-29 23:26 -------- d-------- E:\Program Files\WinRAR
2006-09-29 23:16 -------- d--h----- E:\Program Files\WindowsUpdate
2006-09-29 09:08 -------- d-------- E:\Program Files\ITE
2006-09-29 09:03 -------- d-------- E:\Program Files\Realtek AC97
2006-09-29 08:56 -------- d--h----- E:\Program Files\Uninstall Information
2006-09-29 08:56 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Identities
2006-09-29 08:53 -------- d-------- E:\Program Files\xerox
2006-09-29 08:53 -------- d-------- E:\Program Files\microsoft frontpage
2006-09-29 08:51 -------- d-------- E:\Program Files\Movie Maker
2006-09-29 08:51 -------- d-------- E:\Program Files\Common Files\Services
2006-09-29 08:51 -------- d-------- E:\Program Files\Common Files\MSSoap
2006-09-29 08:50 -------- d-------- E:\Program Files\Windows NT
2006-09-29 08:50 -------- d-------- E:\Program Files\Online Services
2006-09-29 08:50 -------- d-------- E:\Program Files\MSN Gaming Zone
2006-09-29 08:50 -------- d-------- E:\Program Files\MSN
2006-09-29 08:50 -------- d-------- E:\Program Files\ComPlus Applications
2006-09-29 01:47 -------- d-------- E:\Program Files\Common Files\SpeechEngines
2006-09-29 01:47 -------- d-------- E:\Program Files\Common Files\ODBC
2006-09-29 01:46 62 --ahs---- E:\Documents and Settings\Maciek\Application Data\desktop.ini
2006-08-11 21:45 888832 --a------ E:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ E:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ E:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ E:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ E:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ E:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ E:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ E:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ E:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ E:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ E:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ E:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ E:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ E:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ E:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ E:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ E:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ E:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ E:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ E:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ E:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ E:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ E:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ E:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ E:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ E:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ E:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ E:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ E:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ E:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ E:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ E:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ E:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ E:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ E:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ E:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ E:\WINDOWS\system32\nvsvc32.exe
2006-07-21 01:30 72704 --a------ E:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"SmartGuardian"="E:\\Program Files\\ITE\\Smart Guardian\\ITESMART.exe"
"NvCplDaemon"="RUNDLL32.EXE E:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"mysvcig38"="mysvcc.exe"
"DAEMON Tools"="\"E:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"AGEIA PhysX SysTray"="E:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"WinampAgent"="\"E:\\Program Files\\Winamp\\Winampa.exe\""
"Microsoft (R) Windows Network Latency Controller"="E:\\WINDOWS\\system32\\nlc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"mysvcig38"="mysvcc.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{7D00738B-6974-4794-98D4-DE79A07ECD81}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="konnekt"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Konnekt\\konnekt.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddabc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkkkjk

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Sat 10/14/2006 8:10:26.28
E:\ComboFix.txt ... 10/14/2006 08:10 AM

VundoFix:


VundoFix V6.2.2

Checking Java version...

Sun Java not detected
Scan started at 8:11:58 AM 10/14/2006

Listing files found while scanning....

E:\WINDOWS\system32\jkkkkjk.dll
E:\WINDOWS\system32\mljhffd.dll
E:\WINDOWS\system32\pmnlijg.dll
E:\WINDOWS\system32\qomnllk.dll
E:\WINDOWS\system32\wchrqjbs.dll
E:\WINDOWS\system32\mwlbyaci.exe
E:\WINDOWS\System32\ddabc.dll
E:\WINDOWS\System32\cbadd.ini
E:\WINDOWS\System32\cbadd.bak1

Beginning removal...

Attempting to delete E:\WINDOWS\system32\jkkkkjk.dll
E:\WINDOWS\system32\jkkkkjk.dll Has been deleted!

Attempting to delete E:\WINDOWS\system32\mljhffd.dll
E:\WINDOWS\system32\mljhffd.dll Has been deleted!

Attempting to delete E:\WINDOWS\system32\pmnlijg.dll
E:\WINDOWS\system32\pmnlijg.dll Has been deleted!

Attempting to delete E:\WINDOWS\system32\qomnllk.dll
E:\WINDOWS\system32\qomnllk.dll Has been deleted!

Attempting to delete E:\WINDOWS\system32\wchrqjbs.dll
E:\WINDOWS\system32\wchrqjbs.dll Has been deleted!

Attempting to delete E:\WINDOWS\system32\mwlbyaci.exe
E:\WINDOWS\system32\mwlbyaci.exe Has been deleted!

Attempting to delete E:\WINDOWS\System32\ddabc.dll
E:\WINDOWS\System32\ddabc.dll Has been deleted!

Attempting to delete E:\WINDOWS\System32\cbadd.ini
E:\WINDOWS\System32\cbadd.ini Has been deleted!

Attempting to delete E:\WINDOWS\System32\cbadd.bak1
E:\WINDOWS\System32\cbadd.bak1 Has been deleted!

Performing Repairs to the registry.
Done!

And a new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:31:47 AM, on 10/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\ITE\Smart Guardian\ITESMART.exe
E:\WINDOWS\System32\RunDLL32.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\AGEIA Technologies\TrayIcon.exe
E:\Program Files\Winamp\Winampa.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\palmOne\Hotsync.exe
E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Documents and Settings\Maciek\Desktop\lolo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmartGuardian] E:\Program Files\ITE\Smart Guardian\ITESMART.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] E:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 1.1.5.lnk = E:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Startup: palmOne Registration.lnk = E:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = E:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9596952468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9597209296
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
shadowkun
Active Member
 
Posts: 5
Joined: October 13th, 2006, 3:43 pm

Unread postby random/random » October 14th, 2006, 9:04 am

Could you run ComboFix again? I'd like to see the log after all the other fixes were run.

1. Double click combofix.exe & follow the prompts.
2. When finished, it shall produce a log for you. Post that log in your next reply.

Post back with the ComboFix log and a new HijackThis log.
random/random
Developer
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby shadowkun » October 14th, 2006, 9:07 am

New Combofix:
Maciek - 06-10-14 9:05:30.98 Service Pack 1
ComboFix 06.10.08W - Running from: E:\Documents and Settings\Maciek\Desktop

((((((((((((((((((((((((((((((( Files Created from 2006-09-14 to 2006-10-14 ))))))))))))))))))))))))))))))))))


2006-10-13 17:44 50,912 --a------ E:\WINDOWS\iconu.exe
2006-10-13 15:26 42,736 --a------ E:\WINDOWS\icont.exe
2006-10-12 18:33 80,384 -r-hs---- E:\WINDOWS\eiRecvr.exe
2006-10-11 20:56 40,960 --a------ E:\WINDOWS\system32\psfind.dll
2006-10-11 20:56 1,060,864 --a------ E:\WINDOWS\system32\mfc71.dll
2006-10-09 18:23 69,632 --a------ E:\WINDOWS\uinst001.exe
2006-10-05 23:35 327,168 --a------ E:\WINDOWS\IsUninst.exe
2006-10-05 23:27 16,694 --a------ E:\WINDOWS\system32\drivers\PalmUSBD.sys
2006-10-05 23:09 53,248 --a------ E:\WINDOWS\PalmDevC.dll
2006-10-05 15:12 62,744 --a------ E:\WINDOWS\system32\xinput1_2.dll
2006-10-05 15:12 236,824 --a------ E:\WINDOWS\system32\xactengine2_3.dll
2006-10-04 08:11 2,297,552 --a------ E:\WINDOWS\system32\d3dx9_26.dll
2006-10-02 21:50 0 --a------ E:\WINDOWS\system32\setup_41812.exe
2006-10-02 21:27 983,101 --a------ E:\WINDOWS\system32\LXBLGF.DLL
2006-10-02 21:27 90,112 --a------ E:\WINDOWS\system32\LXBLCUR.DLL
2006-10-02 21:27 86,016 --a------ E:\WINDOWS\system32\LXBLIH.EXE
2006-10-02 21:27 77,824 --a------ E:\WINDOWS\system32\LXBLLCNP.DLL
2006-10-02 21:27 73,728 --a------ E:\WINDOWS\system32\lxblpwr.dll
2006-10-02 21:27 69,632 --a------ E:\WINDOWS\system32\LXBLCU.DLL
2006-10-02 21:27 544,768 --a------ E:\WINDOWS\system32\LXBLLSNT.EXE
2006-10-02 21:27 454,656 --a------ E:\WINDOWS\system32\LXBLJSWR.DLL
2006-10-02 21:27 40,960 --a------ E:\WINDOWS\system32\lxblvs.dll
2006-10-02 21:27 40,960 --a------ E:\WINDOWS\system32\INSTMON.EXE
2006-10-02 21:27 339,968 --a------ E:\WINDOWS\system32\LXBLUTIL.DLL
2006-10-02 21:27 307,200 --a------ E:\WINDOWS\system32\LEXBCES.EXE
2006-10-02 21:27 299,520 --a------ E:\WINDOWS\uninst.exe
2006-10-02 21:27 286,720 --a------ E:\WINDOWS\system32\LXBLPMNT.DLL
2006-10-02 21:27 286,720 --a------ E:\WINDOWS\system32\lxblcomm.dll
2006-10-02 21:27 217,088 --a------ E:\WINDOWS\system32\LXBLLCNT.DLL
2006-10-02 21:27 201,216 --a------ E:\WINDOWS\system32\LEXP2P32.DLL
2006-10-02 21:27 200,192 --a------ E:\WINDOWS\system32\LEXLMPM.DLL
2006-10-02 21:27 197,120 --a------ E:\WINDOWS\system32\LEX2KUSB.DLL
2006-10-02 21:27 174,592 --a------ E:\WINDOWS\system32\LEXPPS.EXE
2006-10-02 21:27 155,648 --a------ E:\WINDOWS\system32\LEXPING.EXE
2006-10-02 21:27 147,456 --a------ E:\WINDOWS\system32\LEXBCE.DLL
2006-10-02 21:27 126,976 --a------ E:\WINDOWS\system32\LXBLCFG.EXE
2006-10-02 20:46 24,960 --a------ E:\WINDOWS\system32\drivers\usbprint.sys
2006-10-02 13:45 98,304 --a------ E:\WINDOWS\system32\CmdLineExt.dll
2006-10-01 20:23 761,856 --a------ E:\WINDOWS\system32\xvidcore.dll
2006-10-01 20:23 180,224 --a------ E:\WINDOWS\system32\xvidvfw.dll
2006-10-01 10:53 816,264 --a------ E:\WINDOWS\system32\wmvdmod.dll
2006-10-01 10:53 760,968 --a------ E:\WINDOWS\system32\wmsdmod.dll
2006-10-01 10:53 486,536 --a------ E:\WINDOWS\system32\wmspdmod.dll
2006-10-01 10:53 410,248 --a------ E:\WINDOWS\system32\wmadmod.dll
2006-10-01 10:53 384,512 --a------ E:\WINDOWS\system32\mp4sdmod.dll
2006-10-01 10:53 316,040 --a------ E:\WINDOWS\system32\mp43dmod.dll
2006-10-01 10:53 241,664 --a------ E:\WINDOWS\system32\mpg4dmod.dll
2006-09-30 07:25 593,408 --a------ E:\WINDOWS\system32\h323msp.dll
2006-09-30 07:25 548,352 --a------ E:\WINDOWS\system32\rtcdll.dll
2006-09-30 07:25 439,808 --a------ E:\WINDOWS\system32\ipnathlp.dll
2006-09-30 07:25 26,112 --a------ E:\WINDOWS\system32\xpsp1hfm.exe
2006-09-30 07:22 947,472 --a------ E:\WINDOWS\system32\msjava.dll
2006-09-30 07:22 63,248 --a------ E:\WINDOWS\system32\javaprxy.dll
2006-09-30 07:22 49,424 --a------ E:\WINDOWS\system32\clspack.exe
2006-09-30 07:22 46,352 --a------ E:\WINDOWS\setdebug.exe
2006-09-30 07:22 404,752 --a------ E:\WINDOWS\system32\javart.dll
2006-09-30 07:22 313,856 --a------ E:\WINDOWS\system32\dx3j.dll
2006-09-30 07:22 286,992 --a------ E:\WINDOWS\system32\vmhelper.dll
2006-09-30 07:22 21,264 --a------ E:\WINDOWS\system32\msjdbc10.dll
2006-09-30 07:22 187,152 --a------ E:\WINDOWS\system32\javacypt.dll
2006-09-30 07:22 172,304 --a------ E:\WINDOWS\system32\jview.exe
2006-09-30 07:22 171,792 --a------ E:\WINDOWS\system32\wjview.exe
2006-09-30 07:22 171,280 --a------ E:\WINDOWS\system32\jit.dll
2006-09-30 07:22 154,384 --a------ E:\WINDOWS\system32\msawt.dll
2006-09-30 07:22 15,120 --a------ E:\WINDOWS\system32\jdbgmgr.exe
2006-09-30 07:22 139,536 --a------ E:\WINDOWS\system32\javaee.dll
2006-09-30 07:22 113 --a------ E:\WINDOWS\system32\zonedon.reg
2006-09-30 07:22 113 --a------ E:\WINDOWS\system32\zonedoff.reg
2006-09-29 23:58 611,064 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2006-09-29 23:46 991,232 --a------ E:\WINDOWS\system32\esent.dll
2006-09-29 23:26 7,680 --------- E:\WINDOWS\system32\bitsprx2.dll
2006-09-29 23:26 7,168 --------- E:\WINDOWS\system32\bitsprx3.dll
2006-09-29 23:26 331,776 --a------ E:\WINDOWS\system32\winhttp.dll
2006-09-29 23:26 22,752 --a------ E:\WINDOWS\system32\spupdsvc.exe
2006-09-29 23:26 17,408 --a------ E:\WINDOWS\system32\qmgrprxy.dll
2006-09-29 23:15 465,176 --a------ E:\WINDOWS\system32\wuapi.dll
2006-09-29 23:15 41,240 --a------ E:\WINDOWS\system32\wups.dll
2006-09-29 23:15 194,328 --a------ E:\WINDOWS\system32\wuaueng1.dll
2006-09-29 23:15 172,312 --a------ E:\WINDOWS\system32\wuauclt1.exe
2006-09-29 23:15 127,256 --a------ E:\WINDOWS\system32\wucltui.dll
2006-09-29 21:20 98,816 --a------ E:\WINDOWS\system32\dmstyle.dll
2006-09-29 21:20 974,848 --a------ E:\WINDOWS\system32\dxdiag.exe
2006-09-29 21:20 83,968 --a------ E:\WINDOWS\system32\drivers\nabtsfec.sys
2006-09-29 21:20 80,896 --a------ E:\WINDOWS\system32\dpvsetup.exe
2006-09-29 21:20 8,192 --a------ E:\WINDOWS\system32\d3d8thk.dll
2006-09-29 21:20 797,184 --a------ E:\WINDOWS\system32\d3dim700.dll
2006-09-29 21:20 79,360 --a------ E:\WINDOWS\system32\dpwsockx.dll
2006-09-29 21:20 77,824 --a------ E:\WINDOWS\system32\dpmodemx.dll
2006-09-29 21:20 76,800 --a------ E:\WINDOWS\system32\dmscript.dll
2006-09-29 21:20 733,184 --a------ E:\WINDOWS\system32\qedwipes.dll
2006-09-29 21:20 723,968 --a------ E:\WINDOWS\system32\dpnet.dll
2006-09-29 21:20 7,424 --a------ E:\WINDOWS\system32\drivers\mskssrv.sys
2006-09-29 21:20 68,096 --a------ E:\WINDOWS\system32\dpnhupnp.dll
2006-09-29 21:20 667,648 --a------ E:\WINDOWS\system32\dinput8.dll
2006-09-29 21:20 648,704 --a------ E:\WINDOWS\system32\dinput.dll
2006-09-29 21:20 64,512 --a------ E:\WINDOWS\system32\amstream.dll
2006-09-29 21:20 62,672 --a------ E:\WINDOWS\system32\dxdllreg.exe
2006-09-29 21:20 602,624 --a------ E:\WINDOWS\system32\dx7vb.dll
2006-09-29 21:20 58,368 --a------ E:\WINDOWS\system32\dmcompos.dll
2006-09-29 21:20 52,096 --a------ E:\WINDOWS\system32\drivers\msdv.sys
2006-09-29 21:20 5,504 --a------ E:\WINDOWS\system32\drivers\mstee.sys
2006-09-29 21:20 5,248 --a------ E:\WINDOWS\system32\drivers\mspclock.sys
2006-09-29 21:20 491,520 --a------ E:\WINDOWS\system32\dsdmoprp.dll
2006-09-29 21:20 48,512 --a------ E:\WINDOWS\system32\drivers\stream.sys
2006-09-29 21:20 470,528 --a------ E:\WINDOWS\system32\qdvd.dll
2006-09-29 21:20 47,104 --a------ E:\WINDOWS\system32\wstdecod.dll
2006-09-29 21:20 467,968 --a------ E:\WINDOWS\system32\diactfrm.dll
2006-09-29 21:20 4,608 --a------ E:\WINDOWS\system32\drivers\mspqm.sys
2006-09-29 21:20 4,096 --a------ E:\WINDOWS\system32\ksuser.dll
2006-09-29 21:20 4,096 --a------ E:\WINDOWS\system32\drivers\swenum.sys
2006-09-29 21:20 381,952 --a------ E:\WINDOWS\system32\dsound.dll
2006-09-29 21:20 381,952 --a------ E:\WINDOWS\system32\dpvoice.dll
2006-09-29 21:20 354,816 --a------ E:\WINDOWS\system32\psisdecd.dll
2006-09-29 21:20 34,304 --a------ E:\WINDOWS\system32\mciqtz32.dll
2006-09-29 21:20 33,280 --a------ E:\WINDOWS\system32\dmloader.dll
2006-09-29 21:20 324,096 --a------ E:\WINDOWS\system32\mswebdvd.dll
2006-09-29 21:20 32,768 --a------ E:\WINDOWS\system32\dpnhpast.dll
2006-09-29 21:20 316,928 --a------ E:\WINDOWS\system32\qdv.dll
2006-09-29 21:20 31,744 --a------ E:\WINDOWS\system32\pid.dll
2006-09-29 21:20 3,072 --a------ E:\WINDOWS\system32\dpnlobby.dll
2006-09-29 21:20 3,072 --a------ E:\WINDOWS\system32\dpnaddr.dll
2006-09-29 21:20 292,864 --a------ E:\WINDOWS\system32\ddraw.dll
2006-09-29 21:20 28,160 --a------ E:\WINDOWS\system32\dplaysvr.exe
2006-09-29 21:20 27,136 --a------ E:\WINDOWS\system32\dmband.dll
2006-09-29 21:20 257,024 --a------ E:\WINDOWS\system32\qcap.dll
2006-09-29 21:20 24,064 --a------ E:\WINDOWS\system32\ddrawex.dll
2006-09-29 21:20 230,400 --a------ E:\WINDOWS\system32\dplayx.dll
2006-09-29 21:20 223,232 --a------ E:\WINDOWS\system32\gcdef.dll
2006-09-29 21:20 19,968 --a------ E:\WINDOWS\system32\dpvacm.dll
2006-09-29 21:20 186,880 --a------ E:\WINDOWS\system32\dsdmo.dll
2006-09-29 21:20 181,248 --a------ E:\WINDOWS\system32\dmime.dll
2006-09-29 21:20 18,944 --a------ E:\WINDOWS\system32\encapi.dll
2006-09-29 21:20 18,688 --a------ E:\WINDOWS\system32\drivers\wstcodec.sys
2006-09-29 21:20 18,432 --a------ E:\WINDOWS\system32\dswave.dll
2006-09-29 21:20 173,056 --a------ E:\WINDOWS\system32\qasf.dll
2006-09-29 21:20 16,896 --a------ E:\WINDOWS\system32\msyuv.dll
2006-09-29 21:20 16,896 --a------ E:\WINDOWS\system32\dpnsvr.exe
2006-09-29 21:20 16,384 --a------ E:\WINDOWS\system32\drivers\ccdecode.sys
2006-09-29 21:20 15,104 --a------ E:\WINDOWS\system32\drivers\mpe.sys
2006-09-29 21:20 14,976 --a------ E:\WINDOWS\system32\drivers\streamip.sys
2006-09-29 21:20 132,608 --a------ E:\WINDOWS\system32\devenum.dll
2006-09-29 21:20 130,304 --a------ E:\WINDOWS\system32\drivers\ks.sys
2006-09-29 21:20 13,312 --a------ E:\WINDOWS\system32\msdmo.dll
2006-09-29 21:20 122,880 --a------ E:\WINDOWS\system32\dmusic.dll
2006-09-29 21:20 112,128 --a------ E:\WINDOWS\system32\dpvvox.dll
2006-09-29 21:20 11,392 --a------ E:\WINDOWS\system32\drivers\bdasup.sys
2006-09-29 21:20 100,864 --a------ E:\WINDOWS\system32\dmsynth.dll
2006-09-29 21:20 10,880 --a------ E:\WINDOWS\system32\drivers\slip.sys
2006-09-29 21:20 10,112 --a------ E:\WINDOWS\system32\drivers\ndisip.sys
2006-09-29 21:20 1,798,144 --a------ E:\WINDOWS\system32\qedit.dll
2006-09-29 21:20 1,769,472 --a------ E:\WINDOWS\system32\dxdiagn.dll
2006-09-29 21:20 1,689,088 --a------ E:\WINDOWS\system32\d3d9.dll
2006-09-29 21:20 1,294,336 --a------ E:\WINDOWS\system32\dsound3d.dll
2006-09-29 21:20 1,230,336 --a------ E:\WINDOWS\system32\msvidctl.dll
2006-09-29 21:20 1,201,152 --a------ E:\WINDOWS\system32\d3d8.dll
2006-09-29 21:20 1,189,888 --a------ E:\WINDOWS\system32\dx8vb.dll
2006-09-29 09:13 208,896 --a------ E:\WINDOWS\system32\nvudisp.exe
2006-09-29 09:08 6,080 --a------ E:\WINDOWS\system32\drivers\zntport.sys
2006-09-29 09:08 46,080 -ra------ E:\WINDOWS\system32\itevio.dll
2006-09-29 09:08 118,784 -ra------ E:\WINDOWS\system32\Msstdfmt.dll
2006-09-29 09:08 102,912 -ra------ E:\WINDOWS\system32\Ntport.dll
2006-09-29 09:03 77,440 --a------ E:\WINDOWS\system32\drivers\wdmaud.sys
2006-09-29 09:03 577,536 -r------- E:\WINDOWS\soundman.exe
2006-09-29 09:03 57,856 --a------ E:\WINDOWS\system32\drivers\drmk.sys
2006-09-29 09:03 56,832 --a------ E:\WINDOWS\system32\drivers\sysaudio.sys
2006-09-29 09:03 54,272 --a------ E:\WINDOWS\system32\drivers\swmidi.sys
2006-09-29 09:03 50,048 --a------ E:\WINDOWS\system32\drivers\DMusic.sys
2006-09-29 09:03 5,888 --a------ E:\WINDOWS\system32\drivers\splitter.sys
2006-09-29 09:03 40,960 -r------- E:\WINDOWS\system32\ChCfg.exe
2006-09-29 09:03 3,844,288 -r------- E:\WINDOWS\system32\drivers\alcxwdm.sys
2006-09-29 09:03 217,088 -ra------ E:\WINDOWS\Alcrmv.exe
2006-09-29 09:03 2,816 --a------ E:\WINDOWS\system32\drivers\drmkaud.sys
2006-09-29 09:03 159,360 --a------ E:\WINDOWS\system32\drivers\kmixer.sys
2006-09-29 09:03 142,208 --a------ E:\WINDOWS\system32\drivers\aec.sys
2006-09-29 09:03 135,168 -r------- E:\WINDOWS\system32\RtlCPAPI.dll
2006-09-29 09:03 134,272 --a------ E:\WINDOWS\system32\drivers\portcls.sys
2006-09-29 09:03 10,477,568 -r------- E:\WINDOWS\system32\RTLCPL.exe
2006-09-29 09:02 307,200 -r------- E:\WINDOWS\alcupd.exe
2006-09-29 09:00 9,728 -ra------ E:\WINDOWS\system32\bdco1ins.dll
2006-09-29 09:00 9,728 -ra------ E:\WINDOWS\system32\bdco1.dll
2006-09-29 09:00 89,856 -ra------ E:\WINDOWS\system32\drivers\nvatabus.sys
2006-09-29 09:00 62,976 --a------ E:\WINDOWS\system32\drivers\pci.sys
2006-09-29 09:00 33,408 -ra------ E:\WINDOWS\system32\drivers\NVENETFD.sys
2006-09-29 09:00 32,256 -ra------ E:\WINDOWS\system32\nvconrm.dll
2006-09-29 09:00 295,424 -ra------ E:\WINDOWS\system32\idecoi.dll
2006-09-29 09:00 261,504 -ra------ E:\WINDOWS\system32\drivers\nvnrm.sys
2006-09-29 09:00 208,896 --a------ E:\WINDOWS\system32\nvusmb.exe
2006-09-29 09:00 208,896 --a------ E:\WINDOWS\system32\nvunrm.exe
2006-09-29 09:00 208,896 --a------ E:\WINDOWS\system32\NVUNINST.EXE
2006-09-29 09:00 208,896 --a------ E:\WINDOWS\system32\nvuide.exe
2006-09-29 09:00 208,256 -ra------ E:\WINDOWS\system32\drivers\nvsnpu.sys
2006-09-29 09:00 201,728 -ra------ E:\WINDOWS\system32\fdco1ins.dll
2006-09-29 09:00 201,728 -ra------ E:\WINDOWS\system32\fdco1.dll
2006-09-29 09:00 16,640 -ra------ E:\WINDOWS\system32\drivers\nvcchflt.sys
2006-09-29 09:00 12,928 -ra------ E:\WINDOWS\system32\drivers\nvnetbus.sys
2006-09-29 08:51 91,136 --a------ E:\WINDOWS\system32\MSOERT2.DLL
2006-09-29 08:51 9,728 --a------ E:\WINDOWS\system32\mstinit.exe
2006-09-29 08:51 77,824 --a------ E:\WINDOWS\system32\isign32.dll
2006-09-29 08:51 73,728 --a------ E:\WINDOWS\system32\ils.dll
2006-09-29 08:51 69,632 --a------ E:\WINDOWS\system32\icwdial.dll
2006-09-29 08:51 69,248 --a------ E:\WINDOWS\system32\drivers\sr.sys
2006-09-29 08:51 65,536 --a------ E:\WINDOWS\system32\msconf.dll
2006-09-29 08:51 64,512 --a------ E:\WINDOWS\system32\acctres.dll
2006-09-29 08:51 63,488 --a------ E:\WINDOWS\system32\srclient.dll
2006-09-29 08:51 61,440 --a------ E:\WINDOWS\system32\icwphbk.dll
2006-09-29 08:51 596,480 --a------ E:\WINDOWS\system32\INETCOMM.DLL
2006-09-29 08:51 47,616 --a------ E:\WINDOWS\system32\INETRES.DLL
2006-09-29 08:51 40,960 --a------ E:\WINDOWS\system32\safrslv.dll
2006-09-29 08:51 39,424 --a------ E:\WINDOWS\system32\safrcdlg.dll
2006-09-29 08:51 361,984 --a------ E:\WINDOWS\system32\qmgr.dll
2006-09-29 08:51 33,280 --a------ E:\WINDOWS\system32\racpldlg.dll
2006-09-29 08:51 32,768 --a------ E:\WINDOWS\system32\mnmsrvc.exe
2006-09-29 08:51 32,256 --a------ E:\WINDOWS\system32\mnmdd.dll
2006-09-29 08:51 28,672 --a------ E:\WINDOWS\system32\isrdbg32.dll
2006-09-29 08:51 266,240 --a------ E:\WINDOWS\system32\inetcfg.dll
2006-09-29 08:51 26,624 --a------ E:\WINDOWS\system32\safrdm.dll
2006-09-29 08:51 250,368 --a------ E:\WINDOWS\system32\mstask.dll
2006-09-29 08:51 24,576 --a------ E:\WINDOWS\system32\nmmkcert.dll
2006-09-29 08:51 229,376 --a------ E:\WINDOWS\system32\MSOEACCT.DLL
2006-09-29 08:51 226,816 --a------ E:\WINDOWS\system32\srrstr.dll
2006-09-29 08:51 16,384 --a------ E:\WINDOWS\system32\icfgnt5.dll
2006-09-29 08:51 159,232 --a------ E:\WINDOWS\system32\schedsvc.dll
2006-09-29 08:51 158,720 --a------ E:\WINDOWS\system32\srsvc.dll
2006-09-29 08:51 12,288 --a------ E:\WINDOWS\system32\nmevtmsg.dll
2006-09-29 08:51 11,264 --a------ E:\WINDOWS\system32\atrace.dll
2006-09-29 08:50 974,336 --a------ E:\WINDOWS\system32\msdtctm.dll
2006-09-29 08:50 9,728 --a------ E:\WINDOWS\system32\reset.exe
2006-09-29 08:50 89,600 --a------ E:\WINDOWS\system32\comrepl.dll
2006-09-29 08:50 85,504 --a------ E:\WINDOWS\system32\catsrvps.dll
2006-09-29 08:50 80,384 --a------ E:\WINDOWS\system32\charmap.exe
2006-09-29 08:50 73,216 --a------ E:\WINDOWS\system32\avwav.dll
2006-09-29 08:50 61,952 --a------ E:\WINDOWS\system32\rdshost.exe
2006-09-29 08:50 605,696 --a------ E:\WINDOWS\system32\getuname.dll
2006-09-29 08:50 6,144 --a------ E:\WINDOWS\system32\msdtc.exe
2006-09-29 08:50 56,832 --a------ E:\WINDOWS\system32\sol.exe
2006-09-29 08:50 55,296 --a------ E:\WINDOWS\system32\freecell.exe
2006-09-29 08:50 54,784 --a------ E:\WINDOWS\system32\msdtclog.dll
2006-09-29 08:50 54,272 --a------ E:\WINDOWS\system32\stclient.dll
2006-09-29 08:50 5,632 --a------ E:\WINDOWS\system32\write.exe
2006-09-29 08:50 5,120 --a------ E:\WINDOWS\system32\dcomcnfg.exe
2006-09-29 08:50 499,200 --a------ E:\WINDOWS\system32\comuid.dll
2006-09-29 08:50 44,544 --a------ E:\WINDOWS\system32\hticons.dll
2006-09-29 08:50 4,096 --a------ E:\WINDOWS\system32\rdpcfgex.dll
2006-09-29 08:50 4,096 --a------ E:\WINDOWS\system32\mtxex.dll
2006-09-29 08:50 35,328 --a------ E:\WINDOWS\system32\winchat.exe
2006-09-29 08:50 33,792 --a------ E:\WINDOWS\system32\regini.exe
2006-09-29 08:50 25,600 --a------ E:\WINDOWS\system32\comaddin.dll
2006-09-29 08:50 25,088 --a------ E:\WINDOWS\system32\mtxlegih.dll
2006-09-29 08:50 227,840 --a------ E:\WINDOWS\system32\avtapi.dll
2006-09-29 08:50 220,672 --a------ E:\WINDOWS\system32\catsrv.dll
2006-09-29 08:50 22,016 --a------ E:\WINDOWS\system32\qwinsta.exe
2006-09-29 08:50 20,992 --a------ E:\WINDOWS\system32\msg.exe
2006-09-29 08:50 20,480 --a------ E:\WINDOWS\system32\mtxdm.dll
2006-09-29 08:50 20,232 --a------ E:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-29 08:50 18,432 --a------ E:\WINDOWS\system32\qprocess.exe
2006-09-29 08:50 179,200 --a------ E:\WINDOWS\system32\accwiz.exe
2006-09-29 08:50 16,896 --a------ E:\WINDOWS\system32\tsshutdn.exe
2006-09-29 08:50 16,896 --a------ E:\WINDOWS\system32\qappsrv.exe
2006-09-29 08:50 16,384 --a------ E:\WINDOWS\system32\tskill.exe
2006-09-29 08:50 16,384 --a------ E:\WINDOWS\system32\avmeter.dll
2006-09-29 08:50 150,528 --a------ E:\WINDOWS\system32\msdtcuiu.dll
2006-09-29 08:50 15,872 --a------ E:\WINDOWS\system32\rwinsta.exe
2006-09-29 08:50 15,872 --a------ E:\WINDOWS\system32\cdmodem.dll
2006-09-29 08:50 15,360 --a------ E:\WINDOWS\system32\logoff.exe
2006-09-29 08:50 147,456 --a------ E:\WINDOWS\system32\comsnap.dll
2006-09-29 08:50 14,848 --a------ E:\WINDOWS\system32\tsdiscon.exe
2006-09-29 08:50 14,848 --a------ E:\WINDOWS\system32\tscon.exe
2006-09-29 08:50 14,848 --a------ E:\WINDOWS\system32\shadow.exe
2006-09-29 08:50 138,752 --a------ E:\WINDOWS\system32\sndvol32.exe
2006-09-29 08:50 126,976 --a------ E:\WINDOWS\system32\mshearts.exe
2006-09-29 08:50 124,416 --a------ E:\WINDOWS\system32\sndrec32.exe
2006-09-29 08:50 119,808 --a------ E:\WINDOWS\system32\winmine.exe
2006-09-29 08:50 114,688 --a------ E:\WINDOWS\system32\calc.exe
2006-09-29 08:50 110,080 --a------ E:\WINDOWS\system32\clbcatex.dll
2006-09-29 08:50 11,776 --a------ E:\WINDOWS\system32\xolehlp.dll
2006-09-29 08:50 11,144 --a------ E:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-29 08:50 1,161 --a------ E:\WINDOWS\system32\usrlogon.cmd
2006-09-29 08:49 98,816 --a------ E:\WINDOWS\system32\clipbrd.exe
2006-09-29 08:49 9,216 --a------ E:\WINDOWS\system32\wuauserv.dll
2006-09-29 08:49 9,216 --a------ E:\WINDOWS\system32\icaapi.dll
2006-09-29 08:49 88,064 --a------ E:\WINDOWS\system32\tscfgwmi.dll
2006-09-29 08:49 75,912 --a------ E:\WINDOWS\system32\rdpwsx.dll
2006-09-29 08:49 598,016 --a------ E:\WINDOWS\system32\mstscax.dll
2006-09-29 08:49 581,632 --a------ E:\WINDOWS\system32\catsrvut.dll
2006-09-29 08:49 57,856 --a------ E:\WINDOWS\system32\licwmi.dll
2006-09-29 08:49 56,320 --a------ E:\WINDOWS\system32\remotepg.dll
2006-09-29 08:49 534,016 --a------ E:\WINDOWS\system32\spider.exe
2006-09-29 08:49 53,248 --a------ E:\WINDOWS\system32\servdeps.dll
2006-09-29 08:49 44,032 --a------ E:\WINDOWS\system32\rdpclip.exe
2006-09-29 08:49 40,960 --a------ E:\WINDOWS\system32\tscupgrd.exe
2006-09-29 08:49 388,608 --a------ E:\WINDOWS\system32\mstsc.exe
2006-09-29 08:49 38,024 --a------ E:\WINDOWS\system32\drivers\termdd.sys
2006-09-29 08:49 368,640 --a------ E:\WINDOWS\system32\msdtcprx.dll
2006-09-29 08:49 339,968 --a------ E:\WINDOWS\system32\mspaint.exe
2006-09-29 08:49 32,768 --a------ E:\WINDOWS\system32\cfgbkend.dll
2006-09-29 08:49 200,192 --a------ E:\WINDOWS\system32\termsrv.dll
2006-09-29 08:49 182,400 --a------ E:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-29 08:49 174,592 --a------ E:\WINDOWS\system32\cmprops.dll
2006-09-29 08:49 16,384 --a------ E:\WINDOWS\system32\mmfutil.dll
2006-09-29 08:49 14,848 --a------ E:\WINDOWS\system32\rdpsnd.dll
2006-09-29 08:49 135,680 --a------ E:\WINDOWS\system32\rdchost.dll
2006-09-29 08:49 129,024 --a------ E:\WINDOWS\system32\sessmgr.exe
2006-09-29 08:49 124,184 --a------ E:\WINDOWS\system32\wuauclt.exe
2006-09-29 08:49 12,288 --a------ E:\WINDOWS\system32\rdsaddin.exe
2006-09-29 08:49 116,736 --a------ E:\WINDOWS\system32\mplay32.exe
2006-09-29 08:49 116,104 --a------ E:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-29 08:49 1,343,768 --a------ E:\WINDOWS\system32\wuaueng.dll
2006-09-29 01:47 99,328 --a------ E:\WINDOWS\system32\irftp.exe
2006-09-29 01:47 78,336 --a------ E:\WINDOWS\system32\irmon.dll
2006-09-29 01:47 7,680 --a------ E:\WINDOWS\system32\wshirda.dll
2006-09-29 01:47 67,072 --a------ E:\WINDOWS\system32\usbui.dll
2006-09-29 01:47 6,400 --a------ E:\WINDOWS\system32\drivers\enum1394.sys
2006-09-29 01:47 56,576 --a------ E:\WINDOWS\system32\drivers\redbook.sys
2006-09-29 01:47 55,296 --a------ E:\WINDOWS\system32\drivers\irda.sys
2006-09-29 01:47 3,072 --a------ E:\WINDOWS\system32\drivers\audstub.sys
2006-09-29 01:47 19,584 --a------ E:\WINDOWS\system32\drivers\rasirda.sys
2006-09-29 01:47 18,688 --a------ E:\WINDOWS\system32\drivers\irsir.sys
2006-09-29 01:46 85,020 --a------ E:\WINDOWS\system32\dgsetup.dll
2006-09-29 01:46 8,192 -ra------ E:\WINDOWS\system32\kbdhept.dll
2006-09-29 01:46 71,168 --a------ E:\WINDOWS\system32\storprop.dll
2006-09-29 01:46 7,168 -ra------ E:\WINDOWS\system32\kbdcz.dll
2006-09-29 01:46 66,048 --a------ E:\WINDOWS\NOTEPAD.EXE
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdycl.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdsl1.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdsl.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdpl.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdhu.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdhela3.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdcz2.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdcz1.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\kbdcr.dll
2006-09-29 01:46 6,656 -ra------ E:\WINDOWS\system32\KBDAL.DLL
2006-09-29 01:46 6,656 --a------ E:\WINDOWS\system32\batt.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdtuq.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdtuf.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdlv1.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdlv.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdhela2.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdgkl.dll
2006-09-29 01:46 6,144 -ra------ E:\WINDOWS\system32\kbdest.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdycc.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbduzb.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdur.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdtat.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdru1.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdru.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdro.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdpl1.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdmon.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdlt1.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdlt.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdkyr.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdkaz.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdhu1.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdhe319.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdhe220.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdhe.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdbu.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdblr.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdazel.dll
2006-09-29 01:46 5,632 -ra------ E:\WINDOWS\system32\kbdaze.dll
2006-09-29 01:46 24,661 --a------ E:\WINDOWS\system32\spxcoins.dll
2006-09-29 01:46 176,157 --a------ E:\WINDOWS\system32\dgrpsetu.dll
2006-09-29 01:46 15,360 --a------ E:\WINDOWS\TASKMAN.EXE
2006-09-29 01:46 13,312 --a------ E:\WINDOWS\system32\irclass.dll
2006-09-29 01:46 103,424 --a------ E:\WINDOWS\system32\EqnClass.Dll
2006-09-29 01:46 10,496 --a------ E:\WINDOWS\system32\drivers\irenum.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-14 09:04 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Skype
2006-10-14 08:31 -------- d-------- E:\Program Files\OpenOffice.org1.1.5
2006-10-13 13:38 -------- d-------- E:\Documents and Settings\Maciek\Application Data\SearchToolbarCorp
2006-10-12 23:11 -------- d-------- E:\Program Files\Plucker
2006-10-12 06:58 -------- d-------- E:\Program Files\Konnekt
2006-10-11 20:48 -------- d--h----- E:\Program Files\InstallShield Installation Information
2006-10-11 20:26 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Gearbox Software
2006-10-09 19:30 -------- d-------- E:\Program Files\mIRC
2006-10-09 19:29 -------- d-------- E:\Documents and Settings\Maciek\Application Data\My Games
2006-10-09 18:25 83 --a------ E:\Documents and Settings\Maciek\Application Data\sversion.ini
2006-10-09 17:42 -------- d-------- E:\Program Files\Microsoft Office
2006-10-09 17:42 -------- d-------- E:\Program Files\Common Files\Microsoft Shared
2006-10-09 17:41 -------- d-------- E:\Program Files\Windows Messaging
2006-10-09 08:42 -------- d-------- E:\Program Files\MarBit
2006-10-08 12:16 -------- d-------- E:\Program Files\Common Files\InstallShield
2006-10-07 20:29 -------- d-------- E:\Program Files\Winamp
2006-10-07 19:22 -------- d-------- E:\Program Files\Mjuice Media Player
2006-10-05 23:56 -------- d-------- E:\Documents and Settings\Maciek\Application Data\AdobeUM
2006-10-05 23:55 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Adobe
2006-10-05 23:35 -------- d-------- E:\Program Files\Adobe
2006-10-05 23:28 -------- d-------- E:\Program Files\palmOne
2006-10-05 23:23 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Help
2006-10-05 23:11 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Leadertech
2006-10-05 23:05 -------- d-------- E:\Documents and Settings\Maciek\Application Data\HotSync
2006-10-04 14:29 -------- d-------- E:\Program Files\Common Files
2006-10-04 08:11 -------- dr-h----- E:\Documents and Settings\Maciek\Application Data\SecuROM
2006-10-04 08:03 -------- d-------- E:\Program Files\Internet Explorer
2006-10-04 07:51 -------- d-------- E:\Documents and Settings\Maciek\Application Data\InstallShield
2006-10-02 21:27 -------- d-------- E:\Program Files\Lexmark Z700-P700 Series
2006-10-02 15:41 -------- d-------- E:\Program Files\Common Files\Adobe
2006-10-02 13:42 -------- d-------- E:\Program Files\AGEIA Technologies
2006-10-02 07:25 -------- d-------- E:\Documents and Settings\Maciek\Application Data\.BitTornado
2006-10-02 07:21 -------- d-------- E:\Program Files\BitTornado
2006-10-01 20:23 -------- d-------- E:\Program Files\XviD
2006-10-01 19:54 -------- d-------- E:\Program Files\ffdshow
2006-10-01 12:04 -------- d-------- E:\Program Files\CDBurnerXP Pro 3
2006-10-01 08:44 -------- d-------- E:\Program Files\Opera
2006-10-01 08:44 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Macromedia
2006-10-01 08:22 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Opera
2006-10-01 08:21 -------- d---s---- E:\Documents and Settings\Maciek\Application Data\Microsoft
2006-09-30 16:14 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Tlen.pl
2006-09-30 16:13 -------- d-------- E:\Program Files\Tlen.pl
2006-09-30 07:29 -------- d-------- E:\Program Files\Skype
2006-09-30 07:25 -------- d-------- E:\Program Files\NetMeeting
2006-09-30 07:22 -------- d-------- E:\Program Files\Windows Media Player
2006-09-30 07:19 -------- d-------- E:\Program Files\Outlook Express
2006-09-30 07:19 -------- d-------- E:\Program Files\Common Files\System
2006-09-30 07:18 -------- d-------- E:\Program Files\Messenger
2006-09-30 07:01 -------- d-------- E:\Program Files\DAEMON Tools
2006-09-29 23:26 -------- d-------- E:\Program Files\WinRAR
2006-09-29 23:16 -------- d--h----- E:\Program Files\WindowsUpdate
2006-09-29 09:08 -------- d-------- E:\Program Files\ITE
2006-09-29 09:03 -------- d-------- E:\Program Files\Realtek AC97
2006-09-29 08:56 -------- d--h----- E:\Program Files\Uninstall Information
2006-09-29 08:56 -------- d-------- E:\Documents and Settings\Maciek\Application Data\Identities
2006-09-29 08:53 -------- d-------- E:\Program Files\xerox
2006-09-29 08:53 -------- d-------- E:\Program Files\microsoft frontpage
2006-09-29 08:51 -------- d-------- E:\Program Files\Movie Maker
2006-09-29 08:51 -------- d-------- E:\Program Files\Common Files\Services
2006-09-29 08:51 -------- d-------- E:\Program Files\Common Files\MSSoap
2006-09-29 08:50 -------- d-------- E:\Program Files\Windows NT
2006-09-29 08:50 -------- d-------- E:\Program Files\Online Services
2006-09-29 08:50 -------- d-------- E:\Program Files\MSN Gaming Zone
2006-09-29 08:50 -------- d-------- E:\Program Files\MSN
2006-09-29 08:50 -------- d-------- E:\Program Files\ComPlus Applications
2006-09-29 01:47 -------- d-------- E:\Program Files\Common Files\SpeechEngines
2006-09-29 01:47 -------- d-------- E:\Program Files\Common Files\ODBC
2006-09-29 01:46 62 --ahs---- E:\Documents and Settings\Maciek\Application Data\desktop.ini
2006-08-11 21:45 888832 --a------ E:\WINDOWS\system32\nvmobls.dll
2006-08-11 21:45 581632 --a------ E:\WINDOWS\system32\nvhwvid.dll
2006-08-11 21:45 5611520 --a------ E:\WINDOWS\system32\nvdisps.dll
2006-08-11 21:45 5251072 --a------ E:\WINDOWS\system32\nvdispsr.dll
2006-08-11 21:45 458752 --a------ E:\WINDOWS\system32\nvmccssr.dll
2006-08-11 21:45 45056 --a------ E:\WINDOWS\system32\nvmccsrs.dll
2006-08-11 21:45 3039232 --a------ E:\WINDOWS\system32\nvgames.dll
2006-08-11 21:45 2953216 --a------ E:\WINDOWS\system32\nvvitvsr.dll
2006-08-11 21:45 2928640 --a------ E:\WINDOWS\system32\nvgamesr.dll
2006-08-11 21:45 2904064 --a------ E:\WINDOWS\system32\nvvitvs.dll
2006-08-11 21:45 2859008 --a------ E:\WINDOWS\system32\nvmoblsr.dll
2006-08-11 21:45 229376 --a------ E:\WINDOWS\system32\nvmccs.dll
2006-08-11 21:45 188416 --a------ E:\WINDOWS\system32\nvmccss.dll
2006-08-11 21:45 1732608 --a------ E:\WINDOWS\system32\nvwssr.dll
2006-08-11 21:45 1236992 --a------ E:\WINDOWS\system32\nvwss.dll
2006-08-11 21:44 147456 --a------ E:\WINDOWS\system32\nvcolor.exe
2006-08-11 21:43 86016 --a------ E:\WINDOWS\system32\nvmctray.dll
2006-08-11 21:43 81920 --a------ E:\WINDOWS\system32\nvwddi.dll
2006-08-11 21:43 794624 --a------ E:\WINDOWS\system32\nvcplui.exe
2006-08-11 21:43 7630848 --a------ E:\WINDOWS\system32\nvcpl.dll
2006-08-11 21:43 466944 --a------ E:\WINDOWS\system32\nvshell.dll
2006-08-11 21:43 442368 --a------ E:\WINDOWS\system32\nvappbar.exe
2006-08-11 21:43 425984 --a------ E:\WINDOWS\system32\keystone.exe
2006-08-11 21:43 311296 --a------ E:\WINDOWS\system32\nvexpbar.dll
2006-08-11 21:43 286720 --a------ E:\WINDOWS\system32\nvnt4cpl.dll
2006-08-11 21:43 196608 --a------ E:\WINDOWS\system32\nvapi.dll
2006-08-11 21:43 1662976 --a------ E:\WINDOWS\system32\nvwdmcpl.dll
2006-08-11 21:43 1519616 --a------ E:\WINDOWS\system32\nwiz.exe
2006-08-11 21:43 1470464 --a------ E:\WINDOWS\system32\nview.dll
2006-08-11 21:43 1339392 --a------ E:\WINDOWS\system32\nvdspsch.exe
2006-08-11 21:43 1019904 --a------ E:\WINDOWS\system32\nvwimg.dll
2006-08-11 21:43 1011712 --a------ E:\WINDOWS\system32\nvcpluir.dll
2006-08-11 21:42 5636096 --a------ E:\WINDOWS\system32\nvoglnt.dll
2006-08-11 21:42 4496128 --a------ E:\WINDOWS\system32\nv4_disp.dll
2006-08-11 21:42 35840 --a------ E:\WINDOWS\system32\nvcodins.dll
2006-08-11 21:42 35840 --a------ E:\WINDOWS\system32\nvcod.dll
2006-08-11 21:42 155715 --a------ E:\WINDOWS\system32\nvsvc32.exe
2006-07-21 01:30 72704 --a------ E:\WINDOWS\system32\hlink.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"SmartGuardian"="E:\\Program Files\\ITE\\Smart Guardian\\ITESMART.exe"
"NvCplDaemon"="RUNDLL32.EXE E:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"DAEMON Tools"="\"E:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"AGEIA PhysX SysTray"="E:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"WinampAgent"="\"E:\\Program Files\\Winamp\\Winampa.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="E:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{7D00738B-6974-4794-98D4-DE79A07ECD81}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="konnekt"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Konnekt\\konnekt.exe\" /autostart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSMSGS"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Messenger\\MSMSGS.EXE\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"E:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Sat 10/14/2006 9:05:40.04
E:\ComboFix.txt ... 10/14/2006 09:05 AM
E:\ComboFix2.txt ... 10/14/2006 08:10 AM

New Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 9:07:19 AM, on 10/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\System32\RunDLL32.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\AGEIA Technologies\TrayIcon.exe
E:\Program Files\Winamp\Winampa.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\palmOne\Hotsync.exe
E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Opera\Opera.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Konnekt\konnekt.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Documents and Settings\Maciek\Desktop\scholo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmartGuardian] E:\Program Files\ITE\Smart Guardian\ITESMART.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] E:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 1.1.5.lnk = E:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Startup: palmOne Registration.lnk = E:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = E:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9596952468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9597209296
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
shadowkun
Active Member
 
Posts: 5
Joined: October 13th, 2006, 3:43 pm

Unread postby random/random » October 14th, 2006, 9:40 am

Use windows explorer to find and delete these files:

E:\WINDOWS\iconu.exe
E:\WINDOWS\icont.exe
E:\WINDOWS\eiRecvr.exe
E:\WINDOWS\system32\psfind.dll
E:\WINDOWS\system32\setup_41812.exe

And this folder:

E:\Documents and Settings\Maciek\Application Data\SearchToolbarCorp\

Run Panda's ActiveScan from here and perform a full system scan.

1. Once you are on the Panda site click the Scan your PC button
2. A new window will open...click the big Check Now button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it
9. It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
10. Click on Local Disks to start the scan
11. Post Panda scan results in your next reply

Post back with the panda log and a new HijackThis log
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby shadowkun » October 14th, 2006, 11:06 am

Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 11:02:55 AM, on 10/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\System32\RunDLL32.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\AGEIA Technologies\TrayIcon.exe
E:\Program Files\Winamp\Winampa.exe
E:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\palmOne\Hotsync.exe
E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
E:\Program Files\OpenOffice.org1.1.5\program\soffice.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Opera\Opera.exe
E:\Program Files\Skype\Phone\Skype.exe
E:\Program Files\Konnekt\konnekt.exe
E:\WINDOWS\explorer.exe
E:\Documents and Settings\Maciek\Desktop\kolo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SmartGuardian] E:\Program Files\ITE\Smart Guardian\ITESMART.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] E:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 1.1.5.lnk = E:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe
O4 - Startup: palmOne Registration.lnk = E:\Program Files\palmOne\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = E:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Find Fast.lnk = E:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9596952468
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9597209296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe


Panda Scan:


Incident Status Location

Spyware:Cookie/YieldManager Not disinfected E:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt
Spyware:Spyware/Virtumonde Not disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6GQ375IG\wack[1].exe[rmsyrup.exe]
Adware:Adware/DollarRevenue Not disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6GQ375IG\wack[1].exe[drpep.exe]
Spyware:Spyware/Virtumonde Not disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6GQ375IG\wack[2].exe[rmsyrup.exe]
Adware:Adware/DollarRevenue Not disinfected E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6GQ375IG\wack[2].exe[drpep.exe]
Spyware:Cookie/2o7 Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@2o7[1].txt
Spyware:Cookie/888 Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@888[1].txt
Spyware:Cookie/888 Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@888[2].txt
Spyware:Cookie/YieldManager Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@ads.pointroll[2].txt
Spyware:Cookie/Adserver Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@adserver.o2[1].txt
Spyware:Cookie/Advertising Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@atdmt[2].txt
Spyware:Cookie/BurstNet Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@cassava[1].txt
Spyware:Cookie/Com.com Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@com[1].txt
Spyware:Cookie/Coremetrics Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@data.coremetrics[1].txt
Spyware:Cookie/FastClick Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@fastclick[1].txt
Spyware:Cookie/Findwhat Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@findwhat[1].txt
Spyware:Cookie/Hitbox Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@hitbox[2].txt
Spyware:Cookie/Maxserving Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@realmedia[1].txt
Spyware:Cookie/Serving-sys Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@serving-sys[1].txt
Spyware:Cookie/onestat.com Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@statcounter[1].txt
Spyware:Cookie/Reliablestats Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@stats1.reliablestats[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@targetnet[1].txt
Spyware:Cookie/Tradedoubler Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@tribalfusion[2].txt
Spyware:Cookie/Winantivirus Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@winantivirus[1].txt
Spyware:Cookie/Winantivirus Not disinfected E:\Documents and Settings\Maciek\Cookies\maciek@www.winantivirus[1].txt
Spyware:Spyware/Virtumonde Not disinfected E:\VundoFix Backups\jkkkkjk.dll.bad
Spyware:Spyware/Virtumonde Not disinfected E:\VundoFix Backups\mljhffd.dll.bad
Potentially unwanted tool:Application/VSToolbar Not disinfected E:\VundoFix Backups\mwlbyaci.exe.bad
Spyware:Spyware/Virtumonde Not disinfected E:\VundoFix Backups\pmnlijg.dll.bad
Spyware:Spyware/Virtumonde Not disinfected E:\VundoFix Backups\qomnllk.dll.bad
Virus:Bck/IRCBot.AGG Disinfected E:\WINDOWS\eiRecvr.exe
Virus:W32/Sdbot.IJU.worm Disinfected E:\WINDOWS\system32\mysvcc.exe
Adware:Adware/CommAd Not disinfected E:\WINDOWS\TVM\asappsrv.dll
Adware:Adware/CommAd Not disinfected E:\WINDOWS\TVM\command.exe
Adware:Adware/CommAd Not disinfected E:\WINDOWS\TVM\npg.vbs
shadowkun
Active Member
 
Posts: 5
Joined: October 13th, 2006, 3:43 pm
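
An added illustration, not part of any post in this thread and not a MalwareRemoval.com tool: comparing successive HijackThis logs shows which processes and autostart entries disappeared or appeared between scans. The log excerpts are trimmed from the logs posted in this thread, the function names are hypothetical, and the comparison is case-insensitive because Windows paths are (Explorer.EXE and explorer.exe are the same file).

```python
import re

# Trimmed excerpts of the HijackThis logs posted in this thread.
# LOG_FIRST holds only the process list of the 10/13/2006 4:02 PM log.
LOG_FIRST = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:02:02 PM, on 10/13/2006

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\Explorer.exe
E:\WINDOWS\TVM\command.exe
E:\WINDOWS\eiRecvr.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\System32\mysvcc.exe
E:\WINDOWS\System32\nvsvc32.exe
"""

LOG_0907 = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:07:19 AM, on 10/14/2006

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\system32\NOTEPAD.EXE

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
"""

LOG_1102 = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:02:55 AM, on 10/14/2006

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\WINDOWS\explorer.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
"""

# Coded entries look like "O4 - ...", "R0 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hijackthis(text):
    """Return running processes (lower-cased paths) and coded entries of one log."""
    processes = set()
    entries = {}          # (code, lower-cased text) -> original line
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # first coded entry ends the process list
            entries[(match.group(1), match.group(2).lower())] = line
        elif in_processes and line:
            processes.add(line.lower())   # Windows paths are case-insensitive
    return {"processes": processes, "entries": entries}


def diff_logs(before, after):
    """Compare two logs and report what went away and what is new."""
    b, a = parse_hijackthis(before), parse_hijackthis(after)
    gone_keys = b["entries"].keys() - a["entries"].keys()
    new_keys = a["entries"].keys() - b["entries"].keys()
    return {
        "processes_gone": sorted(b["processes"] - a["processes"]),
        "processes_new": sorted(a["processes"] - b["processes"]),
        "entries_gone": sorted(b["entries"][k] for k in gone_keys),
        "entries_new": sorted(a["entries"][k] for k in new_keys),
    }


if __name__ == "__main__":
    # LOG_FIRST carries no coded entries, so only its process diff is meaningful.
    first = diff_logs(LOG_FIRST, LOG_1102)
    print("Processes no longer running since the first log:")
    for path in first["processes_gone"]:
        print("  ", path)
    latest = diff_logs(LOG_0907, LOG_1102)
    print("Entries that appeared between the two 10/14 logs:")
    for entry in latest["entries_new"]:
        print("  ", entry)
```

The one new entry between the two 10/14 logs is the O16 ActiveScan Installer control, which matches the ActiveX component the Panda instructions said to allow.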

Unread postby random/random » October 14th, 2006, 1:16 pm

Download ATF Cleaner by Attribune
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Main at the top and choose Select All from the list.
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Copy the contents of the code box below to a notepad window

Code:
attrib -r -s -h E:\WINDOWS\TVM\asappsrv.dll 
attrib -r -s -h E:\WINDOWS\TVM\command.exe 
attrib -r -s -h E:\WINDOWS\TVM\npg.vbs
del E:\WINDOWS\TVM\asappsrv.dll 
del E:\WINDOWS\TVM\command.exe 
del E:\WINDOWS\TVM\npg.vbs


Save it to the desktop as delete.bat making sure that save as type is set to all files

  • Create a folder on your desktop called Sysclean.
  • Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.
  • Go to http://www.trendmicro.com/download/pattern.asp and download the Virus Pattern File (Official Pattern Release) to your desktop.
    This file will be called lptXXX.zip (XXX represents the version number)
  • Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX. Read here how to unzip/extract properly.
  • Move the lpt$vpn.XXX to the Sysclean-folder you created on your desktop.
  • Open the sysclean-folder and doubleclick sysclean.com.
  • Check: "Automatically clean or delete detected files".
  • Click scan.
Open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.

Restart

Please download F-Secure Blacklight (blbeta.exe) and save to your C:\ drive.
1. Open a command window by going to Start > Run and typing: cmd
2. Copy/paste or type the following in the command window:

C:\blbeta.exe /expert

3. Hit "Enter" to start the program and then close the cmd box.
4. Accept the user agreement and click "Next".
5. Click "Scan".
6. After the scan is complete, click "Next", then "Exit". BlackLight will create a log in C:\ drive named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan).
7. The log will have a list of all items found. Do not choose to rename any yet! I want to see the log first because legitimate items can also be present...like "wbemtest.exe".
8. Exit Blacklight and post the contents of the log in your next reply.

Note: If you download Blacklight to your desktop, just double-click to run from there and it will create the "fsbl-xxxxxxx.log" on your desktop.

Post back with a new HijackThis log, the BlackLight log and the contents of sysclean.log.
random/random
Developer
 
Posts: 7731
Joined: December 18th, 2005, 3:30 pm

Unread postby random/random » October 15th, 2006, 4:40 am

Since you've reformatted, you're almost certainly clean

As I said in my first post, you need to change the passwords for all the online services you use

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints; you do not have to be registered to post... just find your country room and register your complaint.
The infections you had were Alcan, Vundo, Look2me, and cmdservice

Below are some steps to follow in order to dramatically lower the chances of reinfection
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented

  1. Use an antivirus program
    Two good free programs are
    AVG
    Avast (I use this one)

    Two good paid-for programs are
    NOD32
    Bitdefender

    Whichever antivirus you choose, it is essential that you keep it up to date
  2. Use a firewall
    While the firewall built into windows XP will protect you from incoming attacks, it will not monitor outgoing connections
    It is therefore recommended that you install one of the following firewalls
    Sunbelt kerio personal firewall
    Zonealarm
  3. Keep windows up to date with the latest patches


    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
  4. Install spywareblaster
    Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain activex controls can't install.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster here
    Make sure to update it on a regular basis
  5. Install IE-SPYAD
    Download and instructions located here
    Make sure to update it on a regular basis
  6. Use a HOSTS file
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  7. Install and use Ad-aware & Spybot search & destroy
    Instructions are located here
    Make sure to update them on a regular basis
  8. Most exploits are aimed at internet explorer, so I recommend you switch to an alternative browser
    Two good alternative browsers are
    Firefox
    Opera
    It is essential to update to the latest version of your browser, as the updates fix known security holes
  9. Even if you do decide to switch to another browser, it is still a good idea to lock down Internet explorer
    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    Change the allow paste operations via script to Disable
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.
  10. Clean out your temp files on a regular basis
    I use and recommend ATF Cleaner by Attribune
    To use it, follow these instructions
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Main at the top and choose Select All from the list.
    • Click the Empty Selected button.
    If you use Firefox browser:
    • Click Firefox at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser:
    • Click Opera at the top and choose Select All from the list.
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
  11. Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.
random/random
Developer
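
A way to check the Internet Explorer settings from step 9 of the post above, as an added example that is not part of the original post: each setting is mapped to the URL action value IE stores for the Internet zone (Zones\3, where 0 = Enable, 1 = Prompt, 3 = Disable), and a registry export is audited against the recommended values. The sample export is constructed for illustration, and the function names are this example's own.

```python
import re

# URL action IDs for the settings named in step 9 (Internet zone = Zones\3).
# Stored values: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": (1, "Download signed ActiveX controls"),
    "1004": (3, "Download unsigned ActiveX controls"),
    "1201": (3, "Initialize and script ActiveX controls not marked as safe"),
    "1800": (1, "Installation of desktop items"),
    "1804": (1, "Launching programs and files in an IFRAME"),
    "1607": (1, "Navigate sub-frames across different domains"),
    "1407": (3, "Allow paste operations via script"),
}
STATE = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE_KEY = r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]"

# Constructed sample .reg export (not taken from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1407"=dword:00000000
"1607"=dword:00000001
"1800"=dword:00000001
'''

def parse_zone(reg_text, key=ZONE_KEY):
    """Return {action_id: int_value} for the DWORD values under one key."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.lower() == key.lower()  # registry paths are case-insensitive
        elif in_key:
            m = re.fullmatch(r'"(\w+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                values[m.group(1)] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """List (action_id, setting, current, recommended) for every deviation."""
    found, findings = parse_zone(reg_text), []
    for action, (want, label) in RECOMMENDED.items():
        have = found.get(action)
        if have != want:  # a missing value is reported as "not set"
            shown = "not set" if have is None else STATE.get(have, hex(have))
            findings.append((action, label, shown, STATE[want]))
    return findings
```

Calling `audit()` on the text of an export of that key returns one tuple per setting that differs from the post's recommendation; an empty list means all seven match.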

Unread postby Nick-YF19 » October 15th, 2006, 11:38 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link: Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Nick-YF19
Admin/Teacher Emeritus