Transponder, Ceres, Virtual Bouncer...please help [RESOLVED]


  • This topic is locked

#1
nailpipe (Member, 35 posts)
Microsoft antispyware beta does nothing! Every time I clean the computer of viruses and spyware with my arsenal of programs they come right back by the dozens the instant I get online! Here is the latest hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 1:57:05 PM, on 6/27/2002
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\WTablet\TabUserW.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\explorer.exe
C:\WINNT\explorer.exe
C:\WINNT\explorer.exe
C:\WINNT\explorer.exe
C:\WINNT\explorer.exe
C:\WINNT\explorer.exe
C:\WINNT\explorer.exe
C:\WINNT\explorer.exe
C:\winnt\system32\clxyia.exe
C:\WINNT\system32\accwiz.exe
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\Buddy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\Buddy.exe
D:\OLD_DATA\My Documents\Alex II\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ALEX11\Application Data\Mozilla\Profiles\default\te2uwnao.slt\prefs.js)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINNT\ceres.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [clxyia] c:\winnt\system32\clxyia.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...en/content.html
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.p...trol/avxnew.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswar...1/DMInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINNT\system32\fPxevent.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe

Blarg! Help is very much appreciated!
  • 0


#2
Trevuren (Old Dog, Retired Staff, 18,699 posts)
Hi nailpipe and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

a. Click on My Controls at the top right hand corner of the window.
b. In the left hand column, click "View Topics"
c. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
Where it says "unsubscribe" click the pull-down menu and select "immediate email notification".

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to 'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

  • 0

#3
nailpipe (Topic Starter, Member, 35 posts)
Logfile of HijackThis v1.99.1
Scan saved at 2:16:32 PM, on 6/28/2002
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\WTablet\TabUserW.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ALEX11\Application Data\Mozilla\Profiles\default\te2uwnao.slt\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...en/content.html
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.p...trol/avxnew.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswar...1/DMInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\fPxevent.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
  • 0

#4
Trevuren (Old Dog, Retired Staff, 18,699 posts)
I need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes.
  • Open Microsoft AntiSpyware.
  • Click on Options, Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options uncheck: Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
  • Under Real-time spyware threat protection uncheck: Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

We need to make sure all hidden files are showing so please:
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Please RUN HijackThis.
Click the SCAN button to produce a log.

Place a check mark beside each one of the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R3 - Default URLSearchHook is missing
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...en/content.html
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.p...trol/avxnew.dll
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswar...1/DMInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\fPxevent.dll



Now with all the items selected, delete them by clicking the FIX checked button. Close the HijackThis window and Reboot Your System in Safe Mode

How To Start To Safe Mode In Windows 2000

* Turn the computer on.
* When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key.
* The Windows 2000 Advanced Options Menu will appear.
* Choose the Safe mode option (it is usually the first item in the list).
* Use the arrow keys to select it if it is not selected by default.
* Press Enter. The computer will start in Safe mode.
* When finished troubleshooting, close all programs.
* Restart the computer as you normally would.


Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

FILES

C:\WINNT\system32\fPxevent.dll

FOLDERS (with all their content)

C:\Program Files\Ebates_MoeMoneyMaker
C:\Program Files\Cas

Exit Explorer, and REBOOT BACK INTO NORMAL MODE

Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.

Regards,

Trevuren

  • 0

#5
nailpipe (Topic Starter, Member, 35 posts)
I went through every step except while in safe mode I couldn't delete fPxevent.dll. An error came up saying "Cannot delete fPxevent: There has been a sharing violation. The source or destination file may be in use." I could not find a task that was running it in Task Manager there either.

Logfile of HijackThis v1.99.1
Scan saved at 3:36:01 PM, on 6/28/2002
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\system32\WTablet\TabUserW.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ALEX11\Application Data\Mozilla\Profiles\default\te2uwnao.slt\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: Explorer - C:\WINNT\system32\fPxevent.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
  • 0
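
The scans in posts #1, #3 and #5 list the same DLL under a different Winlogon Notify key name each time, so checking a fix by looking for the old line text would report the O20 entry as gone when it has only been renamed. The Python below is an added example (not part of the thread, and not HijackThis or L2mfix code) that keys each log entry on what it points at and re-checks the post #4 fix list against an excerpt of the post #5 scan; the log lines are copied from the posts above and the function names are illustrative.

```python
import re

# Lines copied verbatim from the HijackThis logs and fix list in this thread.
O20_BY_SCAN = {
    "post #1": r"O20 - Winlogon Notify: WindowsUpdate - C:\WINNT\system32\fPxevent.dll",
    "post #3": r"O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\fPxevent.dll",
    "post #5": r"O20 - Winlogon Notify: Explorer - C:\WINNT\system32\fPxevent.dll",
}
FIX_LIST = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R3 - Default URLSearchHook is missing
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...en/content.html
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.p...trol/avxnew.dll
O16 - DPF: {FDF6378C-7B5D-4ABF-BA1F-92748305FFAC} (DownloadManagerInstall Control) - http://beta.byteswar...1/DMInstall.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: ShellScrap - C:\WINNT\system32\fPxevent.dll
"""
# Excerpt (not the full log) of the scan posted after the fix, in post #5.
AFTER_FIX = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: Explorer - C:\WINNT\system32\fPxevent.dll
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse(log_text):
    """Return [(section, body, raw_line)] for every 'Xn - ...' line in a log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2), line.strip()))
    return entries


def stable_key(section, body):
    """Identify an entry by what it points at, not by its display text."""
    if section == "O20":
        # The key name changed on every scan in this thread; the DLL path did not.
        return section, body.rsplit(" - ", 1)[-1].lower()
    clsid = CLSID_RE.search(body)
    if clsid:
        return section, clsid.group(0).upper()
    if " = " in body:
        # R0/R1 lines: the registry value name sits left of the '='.
        return section, body.split(" = ", 1)[0].lower()
    return section, body.lower()


def verify_fix(fix_list, after_log):
    """Map each fixed line to ('removed'|'unchanged'|'renamed', surviving line)."""
    after = {stable_key(s, b): raw for s, b, raw in parse(after_log)}
    result = {}
    for section, body, raw in parse(fix_list):
        survivor = after.get(stable_key(section, body))
        if survivor is None:
            result[raw] = ("removed", None)
        elif survivor == raw:
            result[raw] = ("unchanged", survivor)
        else:
            result[raw] = ("renamed", survivor)
    return result


def notify_names(o20_by_scan):
    """Group Winlogon Notify key names by the DLL they load, in scan order."""
    seen = {}
    for line in o20_by_scan.values():
        section, body, _ = parse(line)[0]
        name = body[len("Winlogon Notify: "):].rsplit(" - ", 1)[0]
        seen.setdefault(stable_key(section, body)[1], []).append(name)
    return seen


if __name__ == "__main__":
    for line, (status, survivor) in verify_fix(FIX_LIST, AFTER_FIX).items():
        print(f"{status:9} {line[:60]}")
        if survivor and status == "renamed":
            print(f"          now: {survivor}")
    print(notify_names(O20_BY_SCAN))
```
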

#6
Trevuren (Old Dog, Retired Staff, 18,699 posts)
Hi bigbadgreen,

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

You have the latest version of VX2.

1. Download L2mfix from this location:

http://www.downloads....org/l2mfix.exe

2. Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

Regards,

Trevuren

  • 0

#7
nailpipe (Topic Starter, Member, 35 posts)
Mmkay.


L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\fPxevent.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{B76A0F18-E78B-3142-04AD-522032992533}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network and Dial-up Connections"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Shell Favorite Folder"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="My Computer"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Briefcase Folder"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Folder Shortcut"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Mounted Volume"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="File Property Page Extension"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Open With Context Menu Handler"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Shell Drag and Drop helper"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Add encryption item to context menus in explorer"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}"="IZArc DragDrop Menu"
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"="IZArc Shell Context Menu"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{32A9D769-5B55-4a25-9A62-86B5683FE50A}"="NikonView Drop Extension"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Binder Unbind"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{64BC5640-700F-4E7E-8462-D3092DD74B0F}"="VDMSound LaunchPad"
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}"="RecordNow! SendToExt"
"{4D4E063A-2908-4469-8FC7-1F8C623836EE}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{4D4E063A-2908-4469-8FC7-1F8C623836EE}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D4E063A-2908-4469-8FC7-1F8C623836EE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D4E063A-2908-4469-8FC7-1F8C623836EE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{4D4E063A-2908-4469-8FC7-1F8C623836EE}\InprocServer32]
@="C:\\WINNT\\system32\\twfflt.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINNT\SYSTEM32\
acctres.dll Thu Aug 29 2002 7:06:14a A.... 64,512 63.00 K
aclui.dll Thu Jun 19 2003 12:05:04p A.... 78,096 76.27 K
activeds.dll Thu Jun 19 2003 12:05:04p A.... 182,032 177.77 K
actxprxy.dll Thu Aug 29 2002 8:14:40a A.... 98,816 96.50 K
adsldp.dll Thu Jun 19 2003 12:05:04p A.... 125,712 122.77 K
adsldpc.dll Thu Jun 19 2003 12:05:04p A.... 133,904 130.77 K
adsmsext.dll Thu Jun 19 2003 12:05:04p A.... 62,736 61.27 K
adsnds.dll Thu Jun 19 2003 12:05:04p A.... 164,112 160.27 K
adsnt.dll Thu Jun 19 2003 12:05:04p A.... 201,488 196.77 K
adsnw.dll Thu Jun 19 2003 12:05:04p A.... 112,400 109.77 K
advapi32.dll Tue Mar 23 2004 8:17:00p A.... 388,368 379.27 K
advpack.dll Thu Aug 29 2002 8:14:40a A.... 91,136 89.00 K
amstream.dll Thu Dec 12 2002 1:14:32a A.... 64,512 63.00 K
aoi3d1ag.dll Tue Jun 25 2002 7:03:02p ..S.R 417,792 408.00 K
appmgmts.dll Thu Jun 19 2003 12:05:04p A.... 120,592 117.77 K
appmgr.dll Thu Jun 19 2003 12:05:04p A.... 224,016 218.77 K
asferror.dll Wed Dec 11 2002 4:16:58p A.... 7,680 7.50 K
astero~1.dll Wed Dec 3 2003 5:15:10p A.... 876,544 856.00 K
asycfilt.dll Thu Jun 19 2003 12:05:04p A.... 143,632 140.27 K
ati2cqag.dll Tue May 3 2005 7:52:06p A.... 204,800 200.00 K
ati2dvag.dll Tue May 3 2005 8:28:56p A.... 226,816 221.50 K
ati2edxx.dll Tue May 3 2005 8:24:04p A.... 39,936 39.00 K
ati2evxx.dll Tue May 3 2005 8:23:56p A.... 46,080 45.00 K
ati3d1ag.dll Thu Dec 11 2003 10:14:12p A.... 866,016 845.72 K
ati3d2ag.dll Thu Dec 11 2003 10:25:08p A.... 1,052,608 1.00 M
ati3duag.dll Tue May 3 2005 8:14:58p A.... 2,307,424 2.20 M
atiddc.dll Tue May 3 2005 8:22:20p A.... 53,248 52.00 K
atidemgr.dll Tue May 3 2005 10:31:58p A.... 221,184 216.00 K
atiiiexx.dll Tue May 3 2005 11:04:00p A.... 299,008 292.00 K
atikvmag.dll Tue May 3 2005 7:57:52p A.... 135,168 132.00 K
atioglx1.dll Tue May 3 2005 9:52:14p A.... 6,680,576 6.37 M
atioglxx.dll Tue May 3 2005 8:44:44p A.... 4,820,992 4.60 M
atipdlxx.dll Tue May 3 2005 8:24:28p A.... 94,208 92.00 K
atitvo32.dll Tue May 3 2005 7:57:06p A.... 17,408 17.00 K
ativvaxx.dll Tue May 3 2005 8:08:50p A.... 604,864 590.69 K
atkctrs.dll Thu Jun 19 2003 12:05:04p A.... 14,096 13.77 K
atl.dll Thu Jun 19 2003 12:05:04p ..... 74,810 73.05 K
atmfd.dll Thu Jun 19 2003 12:05:04p A.... 291,888 285.05 K
atmlib.dll Thu Jun 19 2003 12:05:04p A.... 31,504 30.77 K
aucups.dll Tue Jun 25 2002 7:02:56p ..S.R 417,792 408.00 K
authz.dll Thu Feb 3 2005 11:34:04p A.... 55,568 54.27 K
avifil32.dll Thu Jun 19 2003 12:05:04p A.... 78,608 76.77 K
avtapi.dll Thu Jun 19 2003 12:05:04p A.... 226,576 221.27 K
basesrv.dll Thu Jun 17 2004 5:05:28p A.... 46,352 45.27 K
batmeter.dll Thu Jun 19 2003 12:05:04p A.... 20,752 20.27 K
bitsprx2.dll Tue Oct 5 2004 10:43:28a ..... 7,680 7.50 K
bitsprx3.dll Tue Oct 5 2004 10:43:28a ..... 7,168 7.00 K
blackbox.dll Wed Dec 11 2002 7:09:20p A.... 232,960 227.50 K
browselc.dll Thu Aug 29 2002 8:14:40a A.... 62,976 61.50 K
browser.dll Tue Mar 23 2004 8:17:02p A.... 69,904 68.27 K
browseui.dll Fri Feb 18 2005 3:09:14p A.... 1,017,856 994.00 K
browsewm.dll Thu Aug 29 2002 8:14:40a A.... 71,680 70.00 K
capesnpn.dll Thu Jun 19 2003 12:05:04p A.... 127,760 124.77 K
capicom.dll Mon Jul 19 2004 5:26:28p A.... 466,944 456.00 K
catsrv.dll Thu Mar 11 2004 3:29:22p A.... 169,232 165.27 K
catsrvut.dll Thu Mar 11 2004 3:29:24p A.... 595,728 581.77 K
cddbco~1.dll Wed Aug 11 2004 11:47:48p A.... 569,344 556.00 K
cddbui~1.dll Wed Aug 11 2004 11:47:48p A.... 708,608 692.00 K
cdfview.dll Tue Dec 7 2004 6:43:02p A.... 143,360 140.00 K
cdm.dll Thu Jun 19 2003 12:05:04p A.... 18,432 18.00 K
cdonts.dll Thu Jun 19 2003 12:05:04p A.... 402,704 393.27 K
cdosys.dll Thu Jun 19 2003 12:05:04p A.... 2,531,088 2.41 M
cdral.dll Wed Aug 11 2004 11:47:48p A.... 45,056 44.00 K
cdrtc.dll Wed Aug 11 2004 11:47:48p A.... 49,152 48.00 K
certcli.dll Thu Jun 19 2003 12:05:04p A.... 135,440 132.27 K
certmgr.dll Thu Jun 19 2003 12:05:04p A.... 422,160 412.27 K
cewmdm.dll Tue Nov 26 2002 8:03:32p A.... 159,232 155.50 K
ciadmin.dll Thu Jun 19 2003 12:05:04p A.... 156,944 153.27 K
ciodm.dll Thu Nov 4 2004 10:41:52p A.... 68,880 67.27 K
clbcatex.dll Thu Mar 11 2004 3:29:24p A.... 97,040 94.77 K
clbcatq.dll Thu Mar 11 2004 3:29:22p A.... 552,720 539.77 K
cliconfg.dll Thu Feb 20 2003 4:28:04p A.... 73,728 72.00 K
clusapi.dll Thu Jun 19 2003 12:05:04p A.... 55,568 54.27 K
cmdial32.dll Thu Jun 19 2003 12:05:04p A.... 193,808 189.27 K
cml5.dll Tue Dec 2 2003 6:10:46p A.... 139,264 136.00 K
cmnquery.dll Thu Jun 19 2003 12:05:04p A.... 82,704 80.77 K
cmprops.dll Thu Jun 19 2003 12:05:04p A.... 159,807 156.06 K
cmutil.dll Thu Jun 19 2003 12:05:04p A.... 22,288 21.77 K
cmyptui.dll Thu Jun 27 2002 4:29:34p ..S.R 417,792 408.00 K
cnqu70.dll Fri Apr 26 2002 6:37:44p A.... 32,768 32.00 K
cnvfat.dll Thu Jun 19 2003 12:05:04p A.... 26,384 25.77 K
colbact.dll Thu Mar 11 2004 3:29:24p A.... 41,744 40.77 K
comcat.dll Thu Jun 19 2003 12:05:04p A.... 3,856 3.77 K
comctl32.dll Thu Aug 29 2002 8:14:40a A.... 529,680 517.27 K
comdlg32.dll Thu Jun 19 2003 12:05:04p A.... 241,424 235.77 K
comrepl.dll Thu Mar 11 2004 3:29:24p A.... 97,552 95.27 K
comsvcs.dll Thu Mar 11 2004 3:29:24p A.... 1,467,664 1.40 M
comuid.dll Thu Mar 11 2004 3:29:24p A.... 625,936 611.27 K
confmsp.dll Thu Jun 19 2003 12:05:04p A.... 219,920 214.77 K
corpol.dll Thu Aug 29 2002 8:14:40a A.... 16,384 16.00 K
crypt32.dll Tue Mar 23 2004 8:17:00p A.... 543,504 530.77 K
cryptdlg.dll Thu Jun 19 2003 1:05:04p A.... 90,384 88.27 K
cryptdll.dll Thu Jun 19 2003 12:05:04p A.... 44,304 43.27 K
cryptnet.dll Tue Mar 23 2004 8:17:02p A.... 61,200 59.77 K
cryptsvc.dll Tue Mar 23 2004 8:17:02p A.... 76,048 74.27 K
cryptui.dll Wed Jun 18 2003 12:13:34p A.... 443,664 433.27 K
cscdll.dll Thu Jun 19 2003 12:05:04p A.... 101,136 98.77 K
cscui.dll Thu Jun 19 2003 12:05:04p A.... 242,960 237.27 K
csrsrv.dll Thu Jun 19 2003 12:05:04p A.... 35,088 34.27 K
csseqchk.dll Thu Aug 29 2002 8:14:40a A.... 86,016 84.00 K
ctdvda32.dll Tue Nov 11 2003 11:43:54a A.... 77,824 76.00 K
d3d8.dll Fri Jul 9 2004 5:27:28a A.... 1,179,648 1.13 M
d3d8thk.dll Thu Dec 12 2002 1:14:32a A.... 7,168 7.00 K
d3d9.dll Fri Jul 9 2004 5:27:28a A.... 1,689,600 1.61 M
d3dim.dll Thu Dec 12 2002 1:14:32a A.... 446,224 435.77 K
d3dim700.dll Fri May 30 2003 10:00:02a A.... 797,184 778.50 K
d3dpmesh.dll Thu Dec 12 2002 1:14:32a A.... 37,648 36.77 K
d3dramp.dll Thu Dec 12 2002 1:14:32a A.... 591,120 577.27 K
d3drm.dll Thu Dec 12 2002 1:14:32a A.... 364,816 356.27 K
d3dx9_24.dll Sat Feb 5 2005 7:45:26p A.... 2,222,800 2.12 M
d3dx9_25.dll Fri Mar 18 2005 5:19:58p A.... 2,337,488 2.23 M
d3dxof.dll Thu Dec 12 2002 1:14:32a A.... 49,424 48.27 K
dbghelp.dll Thu Jun 19 2003 12:05:04p A.... 163,088 159.27 K
dbmsadsn.dll Thu Feb 20 2003 5:39:40p A.... 24,576 24.00 K
dbmsgnet.dll Thu Feb 20 2003 5:39:40p A.... 28,672 28.00 K
dbmsrpcn.dll Thu Feb 20 2003 5:39:40p A.... 24,576 24.00 K
dbmsspxn.dll Thu Jun 19 2003 12:05:04p A.... 33,040 32.27 K
dbmsvinn.dll Thu Feb 20 2003 5:39:42p A.... 24,576 24.00 K
dbnetlib.dll Thu Feb 20 2003 5:39:04p A.... 73,728 72.00 K
dbnmpntw.dll Thu Feb 20 2003 5:39:44p A.... 28,672 28.00 K
ddraw.dll Fri Jul 9 2004 5:27:28a A.... 265,728 259.50 K
devenum.dll Fri May 30 2003 10:00:02a A.... 53,248 52.00 K
devmgr.dll Thu Jun 19 2003 12:05:04p A.... 221,968 216.77 K
dfrgsnap.dll Thu Jun 19 2003 12:05:04p A.... 42,768 41.77 K
dfsshlex.dll Thu Jun 19 2003 12:05:04p A.... 22,800 22.27 K
dhcpcsvc.dll Thu Jun 19 2003 12:05:04p A.... 92,944 90.77 K
dhcpmon.dll Thu Jun 19 2003 12:05:04p A.... 306,448 299.27 K
dhcpsapi.dll Thu Jun 19 2003 12:05:04p A.... 75,536 73.77 K
digest.dll Thu Aug 29 2002 8:14:40a A.... 55,296 54.00 K
diskcopy.dll Thu Jun 19 2003 12:05:04p A.... 16,144 15.77 K
divx.dll Tue Oct 26 2004 4:38:24p A.... 716,800 700.00 K
divxde~1.dll Tue Oct 26 2004 4:38:20p A.... 94,208 92.00 K
divxde~2.dll Tue Oct 26 2004 4:38:20p A.... 94,208 92.00 K
divxde~3.dll Tue Oct 26 2004 4:38:20p A.... 94,208 92.00 K
divx_x~1.dll Tue Oct 26 2004 4:38:20p A.... 206,336 201.50 K
divx_x~2.dll Tue Oct 26 2004 4:38:18p A.... 206,848 202.00 K
divx_x~3.dll Tue Oct 26 2004 4:38:20p A.... 528,384 516.00 K
dmband.dll Thu Dec 12 2002 1:14:32a A.... 27,136 26.50 K
dmcompos.dll Thu Dec 12 2002 1:14:32a A.... 58,368 57.00 K
dmconfig.dll Thu Jun 19 2003 12:05:04p A.... 316,176 308.77 K
dmdlgs.dll Thu Jun 19 2003 12:05:04p A.... 174,864 170.77 K
dmdskmgr.dll Thu Jun 19 2003 12:05:04p A.... 163,600 159.77 K
dmdskres.dll Thu Jun 19 2003 12:05:04p A.... 122,368 119.50 K
dmime.dll Fri Jul 9 2004 5:27:28a A.... 181,248 177.00 K
dmintf.dll Thu Jun 19 2003 12:05:04p A.... 13,072 12.77 K
dmloader.dll Thu Dec 12 2002 1:14:32a A.... 33,280 32.50 K
dmscript.dll Thu Dec 12 2002 1:14:32a A.... 76,800 75.00 K
dmserver.dll Thu Jun 19 2003 12:05:04p A.... 12,048 11.77 K
dmstyle.dll Thu Dec 12 2002 1:14:32a A.... 98,816 96.50 K
dmsynth.dll Thu Dec 12 2002 1:14:32a A.... 100,864 98.50 K
dmusic.dll Fri Jul 9 2004 5:27:28a A.... 104,448 102.00 K
dmutil.dll Thu Jun 19 2003 12:05:04p A.... 43,280 42.27 K
dnsapi.dll Tue Mar 23 2004 8:17:00p A.... 134,928 131.77 K
dnsrslvr.dll Tue Mar 23 2004 8:17:02p A.... 92,432 90.27 K
dplayx.dll Fri Jul 9 2004 5:27:28a A.... 230,400 225.00 K
dpmodemx.dll Thu Dec 12 2002 1:14:32a A.... 22,016 21.50 K
dpnaddr.dll Thu Dec 12 2002 1:14:32a A.... 3,072 3.00 K
dpnet.dll Thu Dec 12 2002 1:14:32a A.... 377,856 369.00 K
dpnhpast.dll Mon Mar 24 2003 10:00:02a A.... 32,768 32.00 K
dpnhupnp.dll Mon Mar 24 2003 10:00:02a A.... 68,096 66.50 K
dpnlobby.dll Thu Dec 12 2002 1:14:32a A.... 3,072 3.00 K
dpu10.dll Tue Oct 26 2004 4:39:04p A.... 290,816 284.00 K
dpugui10.dll Tue Oct 26 2004 4:39:04p A.... 602,112 588.00 K
dpus10.dll Tue Oct 26 2004 4:39:04p A.... 335,872 328.00 K
dpv10.dll Tue Oct 26 2004 4:39:06p A.... 53,248 52.00 K
dpvacm.dll Thu Dec 12 2002 1:14:32a A.... 19,968 19.50 K
dpvoice.dll Thu Dec 12 2002 1:14:32a A.... 203,264 198.50 K
dpvvox.dll Thu Dec 12 2002 1:14:32a A.... 112,128 109.50 K
dpwsockx.dll Fri Jul 9 2004 5:27:28a A.... 57,856 56.50 K
dragnkl1.dll Fri Dec 5 2003 2:11:34p A.... 495,616 484.00 K
drmclien.dll Wed Dec 11 2002 7:50:18p A.... 301,712 294.64 K
drmstor.dll Wed Dec 11 2002 6:34:42p A.... 82,432 80.50 K
drmv2clt.dll Wed Dec 11 2002 7:09:22p A.... 678,912 663.00 K
ds16gt.dll Thu Feb 6 2003 12:33:04p A.... 4,656 4.55 K
ds32gt.dll Thu Feb 20 2003 5:39:06p A.... 16,384 16.00 K
dsauth.dll Thu Jun 19 2003 12:05:04p A.... 74,512 72.77 K
dsdmo.dll Thu Dec 12 2002 1:14:32a A.... 186,880 182.50 K
dsdmoprp.dll Thu Dec 12 2002 1:14:32a A.... 68,096 66.50 K
dsfolder.dll Thu Jun 19 2003 12:05:04p A.... 41,744 40.77 K
dskquota.dll Thu Jun 19 2003 12:05:04p A.... 92,944 90.77 K
dskquoui.dll Thu Jun 19 2003 12:05:04p A.... 146,192 142.77 K
dsound.dll Fri Jul 9 2004 5:27:28a A.... 363,520 355.00 K
dsound3d.dll Thu Dec 12 2002 1:14:32a A.... 1,294,336 1.23 M
dsprop.dll Thu Jun 19 2003 12:05:04p A.... 299,792 292.77 K
dsquery.dll Thu Jun 19 2003 12:05:04p A.... 157,456 153.77 K
dssbase.dll Thu Jun 19 2003 12:05:04p A.... 145,680 142.27 K
dssec.dll Thu Jun 19 2003 12:05:04p A.... 28,944 28.27 K
dssenh.dll Thu Jun 19 2003 12:05:04p ..... 147,216 143.77 K
dsuiext.dll Thu Jun 19 2003 12:05:04p A.... 110,864 108.27 K
dswave.dll Thu Dec 12 2002 1:14:32a A.... 18,432 18.00 K
dx3j.dll Fri Feb 28 2003 4:34:42p A.... 313,856 306.50 K
dx7vb.dll Thu Dec 12 2002 1:14:32a A.... 602,624 588.50 K
dx8vb.dll Fri May 30 2003 10:00:02a A.... 1,189,888 1.13 M
dxdiagn.dll Fri Jul 9 2004 5:27:28a A.... 1,769,472 1.69 M
dxmasf.dll Thu Jun 19 2003 12:05:04p A.... 498,205 486.53 K
dxmrtp.dll Thu Jun 19 2003 12:05:04p A.... 265,488 259.27 K
dxtmsft.dll Thu Aug 29 2002 8:14:40a A.... 351,232 343.00 K
dxtrans.dll Thu Aug 29 2002 8:14:40a A.... 187,392 183.00 K
e100bmsg.dll Mon Feb 3 2003 7:26:18a A...R 12,288 12.00 K
els.dll Thu Jun 19 2003 12:05:04p A.... 157,968 154.27 K
encapi.dll Thu Dec 12 2002 1:14:32a A.... 18,944 18.50 K
es.dll Thu Mar 11 2004 3:29:22p A.... 239,888 234.27 K
esent.dll Thu Jun 19 2003 12:05:04p A.... 1,135,376 1.08 M
eventlog.dll Tue Mar 23 2004 8:17:02p A.... 47,888 46.77 K
expsrv.dll Fri Sep 26 2003 7:12:38p A.... 380,957 372.03 K
faxadmin.dll Thu Jun 19 2003 12:05:04p A.... 92,944 90.77 K
faxcom.dll Thu Jun 19 2003 12:05:04p A.... 80,144 78.27 K
faxdrv.dll Thu Jun 19 2003 12:05:04p A.... 15,120 14.77 K
faxt30.dll Thu Jun 19 2003 12:05:04p A.... 185,616 181.27 K
faxui.dll Thu Jun 19 2003 12:05:04p A.... 138,000 134.77 K
fdeploy.dll Thu Jun 19 2003 12:05:04p A.... 50,448 49.27 K
ff05da0d.dll Wed May 15 2002 9:36:46p A.... 217,088 212.00 K
fftiff16.dll Mon Apr 22 2002 7:08:04p A.... 274,432 268.00 K
filemgmt.dll Thu Jun 19 2003 12:05:04p A.... 294,672 287.77 K
fmifs.dll Thu Jun 19 2003 12:05:04p A.... 17,680 17.27 K
fontext.dll Thu Jun 19 2003 12:05:04p A.... 200,976 196.27 K
fpxevent.dll Tue Jun 25 2002 7:04:22p ..... 417,792 408.00 K
gccoll~1.dll Fri Jun 24 2005 3:24:22p A.... 126,680 123.71 K
gcunco~1.dll Thu Feb 10 2005 11:32:20p A.... 130,272 127.22 K
gdi32.dll Thu Jun 17 2004 5:05:28p A.... 231,184 225.77 K
gearaspi.dll Mon Apr 5 2004 6:42:36p A.... 78,896 77.05 K
gpedit.dll Thu Jun 19 2003 12:05:04p A.... 305,424 298.27 K
gptext.dll Thu Jun 19 2003 12:05:04p A.... 118,544 115.77 K
gwfspi~1.dll Fri Jan 28 2005 4:37:58p A.... 23,304 22.76 K
h323msp.dll Thu Jun 19 2003 12:05:04p A.... 163,088 159.27 K
hal.dll Thu Jun 19 2003 12:05:04p A.... 83,040 81.09 K
hashlib.dll Fri Jun 24 2005 3:24:22p A.... 117,976 115.21 K
hccoin.dll Thu Jun 19 2003 12:05:04p ..... 6,416 6.27 K
hhsetup.dll Thu Jun 19 2003 12:05:04p A.... 37,888 37.00 K
hid.dll Thu Jun 19 2003 12:05:04p A.... 18,192 17.77 K
hlink.dll Tue Nov 16 2004 4:37:18a A.... 68,096 66.50 K
hotplug.dll Thu Jun 19 2003 12:05:04p A.... 76,560 74.77 K
hticons.dll Thu Jun 19 2003 12:05:04p A.... 21,776 21.27 K
hypertrm.dll Tue Nov 16 2004 4:47:02a A.... 576,784 563.27 K
iasacct.dll Thu Jun 19 2003 12:05:04p A.... 28,944 28.27 K
iasads.dll Thu Jun 19 2003 12:05:04p A.... 75,536 73.77 K
iasnap.dll Thu Jun 19 2003 12:05:04p A.... 60,176 58.77 K
iasperf.dll Thu Jun 19 2003 12:05:04p A.... 20,752 20.27 K
iasrad.dll Thu Jun 19 2003 12:05:04p A.... 97,040 94.77 K
iassam.dll Thu Jun 19 2003 12:05:04p A.... 100,624 98.27 K
iassdo.dll Thu Jun 19 2003 12:05:04p A.... 269,584 263.27 K
iassvcs.dll Thu Jun 19 2003 12:05:04p A.... 60,176 58.77 K
iasuserr.dll Thu Jun 19 2003 12:05:04p A.... 20,240 19.77 K
icm32.dll Thu Jun 19 2003 12:05:04p A.... 245,008 239.27 K
idq.dll Thu Jun 19 2003 12:05:04p A.... 122,128 119.27 K
ieakeng.dll Thu Aug 29 2002 8:14:40a A.... 126,976 124.00 K
ieaksie.dll Thu Aug 29 2002 8:14:40a A.... 204,288 199.50 K
ieakui.dll Thu Aug 29 2002 8:14:40a A.... 221,184 216.00 K
iedkcs32.dll Thu Aug 29 2002 8:14:40a A.... 294,912 288.00 K
iepeers.dll Fri Feb 18 2005 12:43:20p A.... 236,032 230.50 K
iesetup.dll Thu Aug 29 2002 8:14:40a A.... 57,856 56.50 K
ifsutil.dll Thu Jun 19 2003 12:05:04p A.... 67,344 65.77 K
imagehlp.dll Thu Jun 19 2003 12:05:04p A.... 128,784 125.77 K
imgutil.dll Thu Aug 29 2002 8:14:40a A.... 30,720 30.00 K
imm32.dll Thu Jun 19 2003 12:05:04p A.... 96,528 94.27 K
inetcomm.dll Thu Oct 14 2004 1:19:12p A.... 596,480 582.50 K
inetcplc.dll Thu Aug 29 2002 8:14:40a A.... 110,592 108.00 K
inetmib1.dll Thu Jun 19 2003 12:05:04p A.... 29,456 28.77 K
inetpp.dll Thu Jun 19 2003 12:05:04p A.... 66,832 65.27 K
inetres.dll Fri Oct 11 2002 4:08:36p A.... 47,616 46.50 K
infosoft.dll Thu Jun 19 2003 12:05:04p A.... 206,096 201.27 K
initpki.dll Thu Jun 19 2003 12:05:04p A.... 138,000 134.77 K
inked.dll Thu Aug 29 2002 3:40:56a A.... 198,656 194.00 K
inseng.dll Thu Aug 26 2004 10:53:48a A.... 69,632 68.00 K
instaf~1.dll Fri Oct 1 2004 3:42:08p A.... 36,352 35.50 K
intelnic.dll Sun Dec 29 2002 6:00:02a A...R 24,064 23.50 K
iphlpapi.dll Thu Jun 19 2003 12:05:04p A.... 69,904 68.27 K
ipnathlp.dll Tue Mar 23 2004 8:17:02p A.... 442,640 432.27 K
iprop.dll Thu Jun 19 2003 12:05:04p A.... 4,368 4.27 K
iprtrmgr.dll Thu Jun 19 2003 12:05:04p A.... 159,504 155.77 K

#8
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.


Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double-click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing Enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!

Regards,

Trevuren


#9
nailpipe

    Member

  • Topic Starter
  • Member
  • 35 posts
L2Mfix 1.03

Running From:
C:\Documents and Settings\ALEX11\Desktop\l2mfix



RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting registry permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry


Registry Permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER



Setting up for Reboot


Starting Reboot!

C:\Documents and Settings\ALEX11\Desktop\l2mfix
System Rebooted!

Running From:
C:\Documents and Settings\ALEX11\Desktop\l2mfix

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1264 'explorer.exe'
Killing PID 1264 'explorer.exe'
Error 0x5 : Access is denied.


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1304 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINNT\system32\aoi2edxx.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\aoi2edxx.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\aoi3d1ag.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\aoi3d1ag.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\aucups.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\aucups.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\CMYPTUI.DLL
1 file(s) copied.
Backing Up: C:\WINNT\system32\CMYPTUI.DLL
1 file(s) copied.
Backing Up: C:\WINNT\system32\fPxevent.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\fPxevent.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\kudit142.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\kudit142.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\lsrt.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\lsrt.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\lyexpand.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\lyexpand.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\mw3216.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\mw3216.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\RQSigProc.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\RQSigProc.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\shi.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\shi.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\SYP32.DLL
1 file(s) copied.
Backing Up: C:\WINNT\system32\SYP32.DLL
1 file(s) copied.
Backing Up: C:\WINNT\system32\twfflt.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\twfflt.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\wanrnr.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\wanrnr.dll
1 file(s) copied.
Backing Up: C:\WINNT\system32\guard.tmp
1 file(s) copied.
Backing Up: C:\WINNT\system32\guard.tmp
1 file(s) copied.
deleting: C:\WINNT\system32\aoi2edxx.dll
Successfully Deleted: C:\WINNT\system32\aoi2edxx.dll
deleting: C:\WINNT\system32\aoi2edxx.dll
Successfully Deleted: C:\WINNT\system32\aoi2edxx.dll
deleting: C:\WINNT\system32\aoi3d1ag.dll
Successfully Deleted: C:\WINNT\system32\aoi3d1ag.dll
deleting: C:\WINNT\system32\aoi3d1ag.dll
Successfully Deleted: C:\WINNT\system32\aoi3d1ag.dll
deleting: C:\WINNT\system32\aucups.dll
Successfully Deleted: C:\WINNT\system32\aucups.dll
deleting: C:\WINNT\system32\aucups.dll
Successfully Deleted: C:\WINNT\system32\aucups.dll
deleting: C:\WINNT\system32\CMYPTUI.DLL
Successfully Deleted: C:\WINNT\system32\CMYPTUI.DLL
deleting: C:\WINNT\system32\CMYPTUI.DLL
Successfully Deleted: C:\WINNT\system32\CMYPTUI.DLL
deleting: C:\WINNT\system32\fPxevent.dll
Successfully Deleted: C:\WINNT\system32\fPxevent.dll
deleting: C:\WINNT\system32\fPxevent.dll
Successfully Deleted: C:\WINNT\system32\fPxevent.dll
deleting: C:\WINNT\system32\kudit142.dll
Successfully Deleted: C:\WINNT\system32\kudit142.dll
deleting: C:\WINNT\system32\kudit142.dll
Successfully Deleted: C:\WINNT\system32\kudit142.dll
deleting: C:\WINNT\system32\lsrt.dll
Successfully Deleted: C:\WINNT\system32\lsrt.dll
deleting: C:\WINNT\system32\lsrt.dll
Successfully Deleted: C:\WINNT\system32\lsrt.dll
deleting: C:\WINNT\system32\lyexpand.dll
Successfully Deleted: C:\WINNT\system32\lyexpand.dll
deleting: C:\WINNT\system32\lyexpand.dll
Successfully Deleted: C:\WINNT\system32\lyexpand.dll
deleting: C:\WINNT\system32\mw3216.dll
Successfully Deleted: C:\WINNT\system32\mw3216.dll
deleting: C:\WINNT\system32\mw3216.dll
Successfully Deleted: C:\WINNT\system32\mw3216.dll
deleting: C:\WINNT\system32\RQSigProc.dll
Successfully Deleted: C:\WINNT\system32\RQSigProc.dll
deleting: C:\WINNT\system32\RQSigProc.dll
Successfully Deleted: C:\WINNT\system32\RQSigProc.dll
deleting: C:\WINNT\system32\shi.dll
Successfully Deleted: C:\WINNT\system32\shi.dll
deleting: C:\WINNT\system32\shi.dll
Successfully Deleted: C:\WINNT\system32\shi.dll
deleting: C:\WINNT\system32\SYP32.DLL
Successfully Deleted: C:\WINNT\system32\SYP32.DLL
deleting: C:\WINNT\system32\SYP32.DLL
Successfully Deleted: C:\WINNT\system32\SYP32.DLL
deleting: C:\WINNT\system32\twfflt.dll
Successfully Deleted: C:\WINNT\system32\twfflt.dll
deleting: C:\WINNT\system32\twfflt.dll
Successfully Deleted: C:\WINNT\system32\twfflt.dll
deleting: C:\WINNT\system32\wanrnr.dll
Successfully Deleted: C:\WINNT\system32\wanrnr.dll
deleting: C:\WINNT\system32\wanrnr.dll
Successfully Deleted: C:\WINNT\system32\wanrnr.dll
deleting: C:\WINNT\system32\guard.tmp
Successfully Deleted: C:\WINNT\system32\guard.tmp
deleting: C:\WINNT\system32\guard.tmp
Successfully Deleted: C:\WINNT\system32\guard.tmp


Zipping up files for submission:
adding: aoi2edxx.dll (152 bytes security) (deflated 48%)
adding: aoi3d1ag.dll (152 bytes security) (deflated 48%)
adding: aucups.dll (152 bytes security) (deflated 48%)
adding: CMYPTUI.DLL (152 bytes security) (deflated 48%)
adding: fPxevent.dll (152 bytes security) (deflated 48%)
adding: kudit142.dll (152 bytes security) (deflated 48%)
adding: lsrt.dll (152 bytes security) (deflated 48%)
adding: lyexpand.dll (152 bytes security) (deflated 48%)
adding: mw3216.dll (152 bytes security) (deflated 48%)
adding: RQSigProc.dll (152 bytes security) (deflated 48%)
adding: shi.dll (152 bytes security) (deflated 48%)
adding: SYP32.DLL (152 bytes security) (deflated 48%)
adding: twfflt.dll (152 bytes security) (deflated 48%)
adding: wanrnr.dll (152 bytes security) (deflated 48%)
adding: guard.tmp (152 bytes security) (deflated 48%)
adding: clear.reg (152 bytes security) (deflated 22%)
adding: echo.reg (152 bytes security) (deflated 8%)
adding: direct.txt (152 bytes security) (stored 0%)
adding: lo2.txt (152 bytes security) (deflated 86%)
adding: readme.txt (152 bytes security) (deflated 49%)
adding: report.txt (152 bytes security) (deflated 76%)
adding: test.txt (152 bytes security) (deflated 87%)
adding: test2.txt (152 bytes security) (stored 0%)
adding: test3.txt (152 bytes security) (stored 0%)
adding: test5.txt (152 bytes security) (stored 0%)
adding: xfind.txt (152 bytes security) (deflated 83%)
adding: backregs/4D4E063A-2908-4469-8FC7-1F8C623836EE.reg (152 bytes security) (deflated 70%)
adding: backregs/shell.reg (152 bytes security) (deflated 74%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

deleting local copy: aoi2edxx.dll
deleting local copy: aoi2edxx.dll
deleting local copy: aoi3d1ag.dll
deleting local copy: aoi3d1ag.dll
deleting local copy: aucups.dll
deleting local copy: aucups.dll
deleting local copy: CMYPTUI.DLL
deleting local copy: CMYPTUI.DLL
deleting local copy: fPxevent.dll
deleting local copy: fPxevent.dll
deleting local copy: kudit142.dll
deleting local copy: kudit142.dll
deleting local copy: lsrt.dll
deleting local copy: lsrt.dll
deleting local copy: lyexpand.dll
deleting local copy: lyexpand.dll
deleting local copy: mw3216.dll
deleting local copy: mw3216.dll
deleting local copy: RQSigProc.dll
deleting local copy: RQSigProc.dll
deleting local copy: shi.dll
deleting local copy: shi.dll
deleting local copy: SYP32.DLL
deleting local copy: SYP32.DLL
deleting local copy: twfflt.dll
deleting local copy: twfflt.dll
deleting local copy: wanrnr.dll
deleting local copy: wanrnr.dll
deleting local copy: guard.tmp
deleting local copy: guard.tmp

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINNT\system32\aoi2edxx.dll
C:\WINNT\system32\aoi2edxx.dll
C:\WINNT\system32\aoi3d1ag.dll
C:\WINNT\system32\aoi3d1ag.dll
C:\WINNT\system32\aucups.dll
C:\WINNT\system32\aucups.dll
C:\WINNT\system32\CMYPTUI.DLL
C:\WINNT\system32\CMYPTUI.DLL
C:\WINNT\system32\fPxevent.dll
C:\WINNT\system32\fPxevent.dll
C:\WINNT\system32\kudit142.dll
C:\WINNT\system32\kudit142.dll
C:\WINNT\system32\lsrt.dll
C:\WINNT\system32\lsrt.dll
C:\WINNT\system32\lyexpand.dll
C:\WINNT\system32\lyexpand.dll
C:\WINNT\system32\mw3216.dll
C:\WINNT\system32\mw3216.dll
C:\WINNT\system32\RQSigProc.dll
C:\WINNT\system32\RQSigProc.dll
C:\WINNT\system32\shi.dll
C:\WINNT\system32\shi.dll
C:\WINNT\system32\SYP32.DLL
C:\WINNT\system32\SYP32.DLL
C:\WINNT\system32\twfflt.dll
C:\WINNT\system32\twfflt.dll
C:\WINNT\system32\wanrnr.dll
C:\WINNT\system32\wanrnr.dll
C:\WINNT\system32\guard.tmp
C:\WINNT\system32\guard.tmp

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4D4E063A-2908-4469-8FC7-1F8C623836EE}"=-
[-HKEY_CLASSES_ROOT\CLSID\{4D4E063A-2908-4469-8FC7-1F8C623836EE}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************



Logfile of HijackThis v1.99.1
Scan saved at 5:10:57 PM, on 6/28/2002
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\Tablet.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ALEX11\Application Data\Mozilla\Profiles\default\te2uwnao.slt\prefs.js)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINNT\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati.../00/alttiff.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.../ST/ActiveX.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINNT\system32\Tablet.exe
  • 0

#10
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
That sure cleaned out a lot of bad stuff. By the way, the folder that was created to contain the files to be zipped may be deleted NOW.

Try your system and tell me how things are going now.

Thanks,

Trevuren

  • 0

#11
nailpipe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
No problems have popped up as of yet, it's looking good... even a game that was not working is now suddenly fixed! I think that got it, thanks very much.
  • 0

#12
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Clean up the leftovers. Download CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.


2. Finally, Re-hide your System Files and Folders to prevent any future accidents.


Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows Update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice: So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0
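
The hosts-file blocking described in post #12 above (ad hostnames mapped to 127.0.0.1), as an added example that is not part of the original thread: a small Python audit that lists which names a hosts file blocks and flags any name mapped to a non-loopback address, which a blocklist never needs. The sample file and its example.test names are constructed, and treating 0.0.0.0 as a blocking address goes beyond the 127.0.0.1 case the post mentions.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread or from the MVPS list).
SAMPLE_HOSTS = """\
# sample blocklist-style hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.test  tracker.example.test   # two names on one line
0.0.0.0         popups.example.test
::1             localhost
203.0.113.10    update.example.test    # non-loopback mapping: needs review
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping; skip comments and bad lines."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comment, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: skip the line
        for name in fields[1:]:  # one line may map several names
            yield line_no, addr, name.lower()


def audit_hosts(text):
    """Return (blocked names, mappings to review) for the given hosts file text."""
    blocked, review = set(), []
    for line_no, addr, name in parse_hosts(text):
        if name == "localhost":
            continue  # the normal localhost entries are not blocklist entries
        if addr.is_loopback or addr.is_unspecified:
            blocked.add(name)  # name resolves to the local machine, so it is blocked
        else:
            review.append((line_no, str(addr), name))  # name is redirected elsewhere
    return blocked, review


if __name__ == "__main__":
    blocked, review = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} hostnames blocked")
    for line_no, addr, name in review:
        print(f"line {line_no}: {name} -> {addr} (not loopback, verify this entry)")
```
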

#13
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





