Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I'm Desparate - Please Help Me

Started by sjrbrant , Feb 21 2005 11:13 PM

  • Please log in to reply

#1
sjrbrant
Posted 21 February 2005 - 11:13 PM

sjrbrant

    New Member

  • Member
  • Pip
  • 3 posts
Sorry to bother you guys. I know you are terribly busy and my problem probably pales compared to others. However, I have been combatting this annoying hijack problem for so long I am getting really desparate. I admit I did send you a request to help me a week ago and I guess my request was overrun by 14 pages of other requests. I can understand you not getting back to me, but I really need your help so please forgive me and please help me.

Reading numerous entries with similar problems, I have a good hunch that your staff member "Thatman" can help me.

I ran AntiVir and TrendMicro House Call and have found no viruses.

I disabled System Restore and rebooted into Safe Mode and then ran Spybot S&D, CWSShredder, Spysubtract and AdawareSE and removed everything that came up for removal. I rebooted back into normal mode and reset my System Retore. Alas, the hicjack problem is still there.

Since I have become initimately familiar with my system I know that the there are offending files that are identified by RUNDLL error messages that cannot be removed because my system believes they are being used by someone or some other program on my computer. Furthermore the name of the file changes everytime I reboot. Task Manager does not seem to identify any unusual processes running. I tried removing the GUARD.TMP file from my System32 directory but it gets rewritten somehow.

Below I have included my HijackThis report that does not show any obvious problems (at least not to me), but running step 1 in Im2fix seems to have identified some scarry stuff in it so I really need your help to tell me what to fix in Step 2. and any other suggestions I might try to finally rid this menace from my computer once and for all.

Again, I apologize for submitting another entry, but I am really desparate. Please help me.

Best regards,

SJR


Logfile of HijackThis v1.99.0
Scan saved at 10:18:01 PM, on 2/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Steven Brant\Desktop\Security\HijackThis.exe

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CleanRam] C:\Program Files\Clean Ram\cleanram.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=022705 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\AnalogX\CookieWall\cookie.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [QNPlus] C:\Program Files\Conceptworld\QNPlus\QNPlus.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax Live Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GDllCmd.exe
O4 - Global Startup: eFax Tray Menu 3.3.lnk = C:\Program Files\eFax Messenger Plus 3.3\J2GTray.exe
O4 - Global Startup: MDGnotify.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Girafa - {78A7D3B4-23E3-11D4-A682-0050DA502650} - C:\Program Files\Girafa\GirafaBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E913F46-16EE-472C-91D6-7EDE1A2D561B} (ucButton.UCObjBtn) - http://www.mdg.ca/do...ds/IObjMdgp.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Sygate Personal Firewall - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe



L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\k280lclm1fqa.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{E734D7FB-9290-40AC-B436-C086642745EE}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}"="Universal Plug and Play Devices"
"{00020D75-0000-0000-C000-000000000046}"="Microsoft Office Outlook Desktop Icon Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Office Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{E3087CE3-3FD1-456A-B428-288D6A694F6D}"=""
"{57D74560-E8C5-4E99-97F2-E4BEF120A67A}"=""
"{5BE656C5-FD8C-4AF3-8D4B-6DFD48A0E3D1}"=""
"{FEB0283E-E4E6-4D4D-A5D3-0E08C2D4D4FE}"=""
"{D6BDC7D1-23CA-4608-90CB-613C27A69ABF}"=""
"{AB77609F-2178-4E6F-9C4B-44AC179D937A}"="aż Context Menu Shell Extension"
"{B5211897-042D-4FB2-86DC-84E8061B2B25}"=""
"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"="SpySubtract Shell Extension"
"{5896313E-1754-4E80-9991-E2769655F246}"=""
"{B3B03A31-1AD1-4C4C-8FAB-12AA9AE5DD67}"=""
"{7227D924-F23B-4135-BF28-836D932F115C}"=""
"{88C04E7C-7B2C-4EE8-89D7-899340C130D9}"=""
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{9F8F72B0-C76E-425D-B317-1603F70F7B37}"=""
"{6B0FD17C-6596-4035-AA84-9A44E5B802EF}"=""
"{343375FD-AFF2-4BFA-B9C8-76ADF2C96839}"=""
"{A0449F91-27C4-4247-8D05-7724BAAA3068}"=""
"{6ec2e0e3-1116-4d47-b0c2-5bdaf4e4c308}"="eFax Messenger Plus - Shell Extension"
"{C38C9EFF-166C-11D4-98D6-204C4F4F5020}"="Piky Basket"
"{BCF86EFA-1357-4745-97A3-823E57CCF4AA}"=""
"{F442EE87-6019-498A-849E-1EB30A37D7DB}"=""
"{D6AF7820-9A7E-4CC9-BB55-A247D740910A}"=""
"{4DE6CCDA-4182-42C4-AAB4-CA4E8383C56C}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B5211897-042D-4FB2-86DC-84E8061B2B25}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B5211897-042D-4FB2-86DC-84E8061B2B25}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B5211897-042D-4FB2-86DC-84E8061B2B25}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B5211897-042D-4FB2-86DC-84E8061B2B25}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B3B03A31-1AD1-4C4C-8FAB-12AA9AE5DD67}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3B03A31-1AD1-4C4C-8FAB-12AA9AE5DD67}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3B03A31-1AD1-4C4C-8FAB-12AA9AE5DD67}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B3B03A31-1AD1-4C4C-8FAB-12AA9AE5DD67}\InprocServer32]
@="C:\\WINDOWS\\system32\\uhtheme.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{7227D924-F23B-4135-BF28-836D932F115C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7227D924-F23B-4135-BF28-836D932F115C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7227D924-F23B-4135-BF28-836D932F115C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{7227D924-F23B-4135-BF28-836D932F115C}\InprocServer32]
@="C:\\WINDOWS\\system32\\muiwave.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{88C04E7C-7B2C-4EE8-89D7-899340C130D9}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88C04E7C-7B2C-4EE8-89D7-899340C130D9}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88C04E7C-7B2C-4EE8-89D7-899340C130D9}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{88C04E7C-7B2C-4EE8-89D7-899340C130D9}\InprocServer32]
@="C:\\WINDOWS\\system32\\jeaw400.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{6B0FD17C-6596-4035-AA84-9A44E5B802EF}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B0FD17C-6596-4035-AA84-9A44E5B802EF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B0FD17C-6596-4035-AA84-9A44E5B802EF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{6B0FD17C-6596-4035-AA84-9A44E5B802EF}\InprocServer32]
@="C:\\WINDOWS\\system32\\mnang.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{D6AF7820-9A7E-4CC9-BB55-A247D740910A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D6AF7820-9A7E-4CC9-BB55-A247D740910A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D6AF7820-9A7E-4CC9-BB55-A247D740910A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{D6AF7820-9A7E-4CC9-BB55-A247D740910A}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4DE6CCDA-4182-42C4-AAB4-CA4E8383C56C}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DE6CCDA-4182-42C4-AAB4-CA4E8383C56C}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DE6CCDA-4182-42C4-AAB4-CA4E8383C56C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4DE6CCDA-4182-42C4-AAB4-CA4E8383C56C}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
adobepdf.dll Tue Dec 14 2004 2:12:06a A.... 22,016 21.50 K
arycfilt.dll Mon Jan 31 2005 3:11:02p A.S.R 231,014 225.60 K
bqowseui.dll Sun Feb 13 2005 9:21:24a A.... 231,013 225.60 K
browseui.dll Thu Jan 27 2005 12:13:16p A.... 1,016,832 993.00 K
bvowseui.dll Sun Jan 30 2005 3:56:26p A.S.R 229,973 224.58 K
cdfview.dll Thu Jan 27 2005 12:13:16p A.... 151,040 147.50 K
cygmgr32.dll Fri Jan 28 2005 10:20:58p A.... 229,736 224.35 K
cyrds.dll Mon Jan 31 2005 1:35:26p A.S.R 229,569 224.19 K
d2j0lc~1.dll Mon Feb 14 2005 12:23:16a ..S.R 231,013 225.60 K
daspex.dll Mon Feb 14 2005 10:42:08p ..S.R 228,878 223.51 K
dfxg15.dll Thu Nov 25 2004 12:05:38p A.... 548,864 536.00 K
dnser.dll Tue Feb 1 2005 1:35:36p A.S.R 229,450 224.07 K
docore.dll Fri Jan 28 2005 10:49:02p A.... 151,552 148.00 K
dosync.dll Fri Jan 28 2005 10:48:54p A.... 114,688 112.00 K
dreml.dll Fri Feb 11 2005 9:58:38a ..S.R 229,164 223.79 K
dtvclnt.dll Mon Jan 31 2005 2:08:54p A.S.R 230,385 224.98 K
e8020i~1.dll Mon Jan 31 2005 4:34:16p A.S.R 232,096 226.66 K
e820li~1.dll Wed Feb 16 2005 9:40:48a ..S.R 228,714 223.35 K
en20l1~1.dll Tue Feb 1 2005 2:46:56p A.S.R 229,528 224.15 K
enlol1~1.dll Sat Feb 19 2005 12:37:30a ..S.R 231,583 226.15 K
f6l0lg~1.dll Fri Jan 28 2005 10:07:46p A.S.R 230,304 224.91 K
fp8003~1.dll Mon Jan 31 2005 4:14:02p A.S.R 231,971 226.53 K
g2lm0c~1.dll Sun Jan 30 2005 5:00:38p A.S.R 229,218 223.84 K
hol.dll Fri Feb 4 2005 1:21:52a ..S.R 231,166 225.75 K
iepeers.dll Thu Jan 27 2005 12:13:16p A.... 249,856 244.00 K
inseng.dll Thu Jan 27 2005 12:13:16p A.... 96,256 94.00 K
iwshlpr.dll Tue Feb 1 2005 12:08:20p A.S.R 229,450 224.07 K
jeaw400.dll Tue Feb 1 2005 4:10:28p A.... 229,873 224.48 K
jtpm07~1.dll Fri Feb 4 2005 10:28:02a ..S.R 231,244 225.82 K
k280lc~1.dll Mon Feb 21 2005 9:24:32a A.... 230,292 224.89 K
k444le~1.dll Tue Feb 1 2005 3:04:22p A.S.R 229,323 223.95 K
k8jsli~1.dll Tue Feb 1 2005 5:03:46p ..S.R 231,591 226.16 K
l2p20c~1.dll Mon Jan 31 2005 9:35:04a A.S.R 229,841 224.45 K
l62slg~1.dll Mon Jan 31 2005 9:43:10a A.S.R 231,295 225.87 K
l6p2lg~1.dll Tue Feb 15 2005 12:59:56a ..S.R 230,192 224.80 K
lv0409~1.dll Mon Feb 14 2005 12:52:30a ..S.R 231,463 226.04 K
lvr209~1.dll Mon Feb 7 2005 9:55:26a ..S.R 231,311 225.89 K
m4jule~1.dll Sun Jan 30 2005 12:39:02a A.... 231,132 225.71 K
m6460g~1.dll Mon Feb 21 2005 9:52:34p ..S.R 229,210 223.84 K
m6rm0g~1.dll Tue Feb 1 2005 4:51:52p ..S.R 230,069 224.68 K
meidntld.dll Fri Feb 4 2005 1:57:42a ..S.R 229,214 223.84 K
mnang.dll Tue Feb 1 2005 4:51:52p A.... 229,873 224.48 K
mputilse.dll Thu Feb 3 2005 11:10:00p ..S.R 229,214 223.84 K
mshtml.dll Thu Jan 27 2005 12:13:18p A.... 3,006,976 2.87 M
mtd32.dll Mon Feb 21 2005 9:24:34a ..S.R 229,210 223.84 K
muiwave.dll Tue Feb 1 2005 3:04:18p A.... 228,507 223.15 K
mv4ol9~1.dll Thu Feb 3 2005 2:26:14p ..S.R 230,039 224.64 K
o6nslg~1.dll Tue Feb 1 2005 2:57:06p A.S.R 230,263 224.86 K
oabcint.dll Mon Jan 31 2005 2:19:16p A.S.R 229,569 224.19 K
ole32.dll Fri Jan 14 2005 3:55:50a A.... 1,285,120 1.22 M
olecli32.dll Fri Jan 14 2005 3:55:50a A.... 74,752 73.00 K
olecnv32.dll Fri Jan 14 2005 3:55:50a A.... 37,888 37.00 K
ossmtp.dll Mon Jan 31 2005 5:17:54p A.... 94,208 92.00 K
p8p6li~1.dll Sat Feb 12 2005 11:22:52a ..S.R 230,842 225.43 K
q486le~1.dll Mon Feb 7 2005 10:42:12a ..S.R 231,012 225.60 K
rpcss.dll Fri Jan 14 2005 3:55:50a A.... 395,776 386.50 K
shdocvw.dll Thu Jan 27 2005 12:13:18p A.... 1,483,264 1.41 M
shell32.dll Tue Dec 21 2004 3:49:36p A.... 8,450,048 8.06 M
shlwapi.dll Thu Jan 27 2005 12:13:18p A.... 473,600 462.50 K
spmsg.dll Tue Nov 30 2004 2:46:38p ..... 7,168 7.00 K
sporder.dll Fri Jan 28 2005 10:49:00p A.... 8,464 8.27 K
srvsvc.dll Tue Dec 7 2004 2:32:34p A.... 96,768 94.50 K
t6r8lg~1.dll Fri Jan 28 2005 10:21:50p A.S.R 231,632 226.20 K
uhtheme.dll Tue Feb 1 2005 1:33:38p A.... 228,507 223.15 K
urlmon.dll Thu Jan 27 2005 12:13:18p A.... 607,744 593.50 K
wininet.dll Thu Jan 27 2005 12:13:18p A.... 656,896 641.50 K
xvidcore.dll Mon Dec 20 2004 11:03:26a A.... 679,936 664.00 K
xvidvfw.dll Mon Dec 20 2004 11:08:28a A.... 155,648 152.00 K

68 items found: 68 files (36 H/S), 0 directories.
Total of file sizes: 29,994,303 bytes 28.60 M
Locate .tmp files:

C:\WINDOWS\SYSTEM32\
guard.tmp Mon Feb 21 2005 10:01:44p ..S.R 230,292 224.89 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 230,292 bytes 224.89 K
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is E893-AD09

Directory of C:\WINDOWS\System32

02/21/2005 10:01 PM 230,292 guard.tmp
02/21/2005 09:52 PM 229,210 m6460ghse6460.dll
02/21/2005 09:24 AM 229,210 mtd32.dll
02/19/2005 12:37 AM 231,583 enlol1331.dll
02/16/2005 09:40 AM 228,714 e820lifm182a.dll
02/15/2005 12:59 AM 230,192 l6p2lg7o16.dll
02/14/2005 10:42 PM 228,878 daspex.dll
02/14/2005 12:52 AM 231,463 lv0409dqe.dll
02/14/2005 12:23 AM 231,013 d2j0lc1m1f.dll
02/14/2005 12:07 AM <DIR> dllcache
02/12/2005 11:22 AM 230,842 p8p6li7s18.dll
02/11/2005 09:58 AM 229,164 dreml.dll
02/07/2005 10:42 AM 231,012 q486lels1hq6.dll
02/07/2005 09:55 AM 231,311 lvr2099oe.dll
02/04/2005 10:28 AM 231,244 jtpm0771e.dll
02/04/2005 01:57 AM 229,214 meidntld.dll
02/04/2005 01:21 AM 231,166 hOl.dll
02/03/2005 11:09 PM 229,214 mputilse.dll
02/03/2005 02:26 PM 230,039 mv4ol9h31.dll
02/01/2005 05:03 PM 231,591 k8jsli1718.dll
02/01/2005 04:51 PM 230,069 m6rm0g91e6.dll
02/01/2005 03:04 PM 229,323 k444lehq1h4e.dll
02/01/2005 02:57 PM 230,263 o6nslg5716.dll
02/01/2005 02:46 PM 229,528 en20l1fm1.dll
02/01/2005 01:35 PM 229,450 dnser.dll
02/01/2005 12:08 PM 229,450 iWshlpr.dll
01/31/2005 04:34 PM 232,096 e8020idoe80c0.dll
01/31/2005 04:14 PM 231,971 fp8003lme.dll
01/31/2005 03:11 PM 231,014 arycfilt.dll
01/31/2005 02:19 PM 229,569 oabcint.dll
01/31/2005 02:08 PM 230,385 dTvclnt.dll
01/31/2005 01:35 PM 229,569 cYrds.dll
01/31/2005 09:43 AM 231,295 l62slgf7162.dll
01/31/2005 09:35 AM 229,841 l2p20c7oef.dll
01/30/2005 05:00 PM 229,218 g2lm0c31ef.dll
01/30/2005 03:56 PM 229,973 bvowseui.dll
01/28/2005 10:21 PM 231,632 t6r8lg9u16.dll
01/28/2005 10:07 PM 230,304 f6l0lg3m16.dll
01/28/2005 08:38 PM 1,682 KGyGaAvL.sys
01/28/2005 08:29 PM 56 B7DE574F02.sys
11/04/2004 02:02 AM <DIR> Microsoft
05/22/2001 01:00 AM 22,016 borlndmm.dll
40 File(s) 8,544,056 bytes
2 Dir(s) 144,064,778,240 bytes free
  • 0

Advertisements

#2
sjrbrant
Posted 03 March 2005 - 09:33 AM

sjrbrant

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Gi guys,

I got tired of waiting for a reply so I took matters into my own hands. I studied the logs from part one of the lm2fix scan and tried some things on my own (i.e., deleted a few files, denied access to a few registry items, that sort of thing). The prime suspects were there, guard.tmp in particular, so I deleted them also. This only provided temporary relief as they were rewritten back into the system but in different places. I was afraid to do step two of lm2fix without help so I waited for help from you guys. The problem with the CWSHijacker is that it is so invasive and frustrating that it completey destroys the browsing experience. After several weeks of waiting for someone to help me I decided to take a leap of faith and run part 2 of lm2fix on my own. I figured the worst that could happen is that I would have to reformat my hard drive. Low and behold, lm2fix worked like a charm. Suddenly I have no more problems, my CWSShredder now works and no more CWS, my Ad-Aware SE works and no more crashes, and my Spybot S&D no longer identifies the same old spybots. My system is completely, 100%, clean. My only regret is that I didn't have the nerve to attempt step 2 of lm2fix sooner. Although I was disappointed that you guys never bothered to respond, I am grateful that your website and numerous blogs on the subject led me to the solution with lm2fix. Some good did come out of the process though. By my having to do the research on your site and others, I am now a lot more confident about my system, the defenses I now have installed and my own ability to solve these kinds of problems in the future. So thanks, I guess.

Regards,

SJR
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP