Thread ID: 56426 2005-04-04 10:45:00 Please Help, this spyware is relentless!!! MasturJeff (7803) Press F1
Post ID Timestamp Content User
341639 2005-04-05 03:39:00 Here's another l2mfix log
L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\dn0801due.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{011C8C30-CFF9-986F-018A-F6F560BA8614}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{415103ED-C662-4A6E-8E32-EF9F69C3898B}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{415103ED-C662-4A6E-8E32-EF9F69C3898B}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{415103ED-C662-4A6E-8E32-EF9F69C3898B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{415103ED-C662-4A6E-8E32-EF9F69C3898B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{415103ED-C662-4A6E-8E32-EF9F69C3898B}\InprocServer32]
@="C:\\WINDOWS\\system32\\hwtpapi.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
browseui.dll Thu Jan 27 2005 1:13:16p A.... 1,016,832 993.00 K
cdfview.dll Thu Jan 27 2005 1:13:16p A.... 151,040 147.50 K
dn0801~1.dll Mon Apr 4 2005 1:32:06p ..S.R 234,049 228.56 K
enlql1~1.dll Mon Apr 4 2005 9:48:02p ..S.R 233,248 227.78 K
gccoll~1.dll Thu Feb 10 2005 10:32:20p A.... 119,520 116.72 K
gcmd5q~1.dll Sun Apr 3 2005 9:16:56p A.... 10,752 10.50 K
gcunco~1.dll Thu Feb 10 2005 10:32:20p A.... 130,272 127.22 K
gwfspi~1.dll Fri Jan 28 2005 3:37:58p A.... 23,304 22.76 K
hashlib.dll Thu Feb 10 2005 10:32:18p A.... 81,120 79.22 K
hwtpapi.dll Mon Apr 4 2005 9:54:02p ..S.R 234,049 228.56 K
iepeers.dll Thu Jan 27 2005 1:13:16p A.... 249,856 244.00 K
inseng.dll Thu Jan 27 2005 1:13:16p A.... 96,256 94.00 K
j0l4la~1.dll Mon Apr 4 2005 4:55:48a ..S.R 234,678 229.18 K
micr0st.dll Sun Feb 27 2005 8:13:28p A.... 4 0.00 K
mshtml.dll Thu Jan 27 2005 1:13:18p A.... 3,006,976 2.87 M
ole32.dll Fri Jan 14 2005 4:55:50a A.... 1,285,120 1.22 M
olecli32.dll Fri Jan 14 2005 4:55:50a A.... 74,752 73.00 K
olecnv32.dll Fri Jan 14 2005 4:55:50a A.... 37,888 37.00 K
p28q0c~1.dll Mon Apr 4 2005 4:45:10a ..S.R 233,248 227.78 K
pndx5016.dll Sun Feb 27 2005 5:21:56a A.... 6,656 6.50 K
pndx5032.dll Sun Feb 27 2005 5:21:56a A.... 5,632 5.50 K
rmoc3260.dll Sun Feb 27 2005 5:22:18a A.... 176,167 172.04 K
rpcss.dll Fri Jan 14 2005 4:55:50a A.... 395,776 386.50 K
shdocvw.dll Thu Jan 27 2005 1:13:18p A.... 1,483,264 1.41 M
shlwapi.dll Thu Jan 27 2005 1:13:18p A.... 473,600 462.50 K
urlmon.dll Thu Jan 27 2005 1:13:18p A.... 607,744 593.50 K
wininet.dll Thu Jan 27 2005 1:13:18p A.... 656,896 641.50 K

27 items found: 27 files (5 H/S), 0 directories.
Total of file sizes: 11,258,699 bytes 10.73 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is PRESARIO
Volume Serial Number is C052-63FF

Directory of C:\WINDOWS\System32

04/04/2005 09:54 PM 234,049 hwtpapi.dll
04/04/2005 09:48 PM 233,248 enlql1351.dll
04/04/2005 01:32 PM 234,049 dn0801due.dll
04/04/2005 04:55 AM 234,678 j0l4la3q1d.dll
04/04/2005 04:45 AM 233,248 p28q0cl5efq.dll
04/04/2005 03:29 AM 10,022 KGyGaAvL.sys
03/13/2005 04:04 AM <DIR> dllcache
04/12/2004 05:24 AM <DIR> Microsoft
03/19/2003 01:17 PM 32 {B12F4FE3-893D-4750-9C34-320B34E138BF}.dat
7 File(s) 1,179,326 bytes
2 Dir(s) 39,400,251,392 bytes free
MasturJeff (7803)
341640 2005-04-05 03:42:00 See if that h62olgf3162.dll is in task manager.

If it is kill its process then tick the entry in hijackthis....

You may have to reboot to see if it has been deleted once u tick it then fix it.

See if this helps to remove NIS completely

service1.symantec.com
Speedy Gonzales (78)
341641 2005-04-05 03:50:00 See if that h62olgf3162.dll is in task manager.

If it is kill its process then tick the entry in hijackthis....

You may have to reboot to see if it has been deleted once u tick it then fix it.

See if this helps to remove NIS completely

service1.symantec.com
h62olgf3162.dll was changed to another file when I restarted the PC a few minutes ago.
MasturJeff (7803)
341642 2005-04-05 04:09:00 run msconfig, untick anything suspect then reboot into SAFEMODE. run hijack this and delete the items. also give adaware etc a run while in safe mode. also it pays to have "hide known file types" etc turned off so you can view all files.
clean out any temp folders etc (see FAQ).

make sure you do not have net access while doing all this.
tweak'e (69)
341643 2005-04-05 04:15:00 run msconfig, untick anything suspect then reboot into SAFEMODE. run hijack this and delete the items. also give adaware etc a run while in safe mode. also it pays to have "hide known file types" etc turned off so you can view all files.
clean out any temp folders etc (see FAQ).

make sure you do not have net access while doing all this.

k, going to unhook the cord from my router
MasturJeff (7803)
341644 2005-04-05 04:56:00 I have a feeling these files are the culprits

dn0801~1.dll Mon Apr 4 2005 1:32:06p ..S.R 234,049 228.56 K
enlql1~1.dll Mon Apr 4 2005 9:48:02p ..S.R 233,248 227.78 K
gccoll~1.dll Thu Feb 10 2005 10:32:20p A.... 119,520 116.72 K
gcmd5q~1.dll Sun Apr 3 2005 9:16:56p A.... 10,752 10.50 K
gcunco~1.dll Thu Feb 10 2005 10:32:20p A.... 130,272 127.22 K
gwfspi~1.dll Fri Jan 28 2005 3:37:58p A.... 23,304 22.76 K
hashlib.dll Thu Feb 10 2005 10:32:18p A.... 81,120 79.22 K
hwtpapi.dll Mon Apr 4 2005 9:54:02p ..S.R 234,049 228.56 K

j0l4la~1.dll Mon Apr 4 2005 4:55:48a ..S.R 234,678 229.18 K
micr0st.dll Sun Feb 27 2005 8:13:28p A.... 4 0.00 K

p28q0c~1.dll Mon Apr 4 2005 4:45:10a ..S.R 233,248 227.78 K


pndx5016.dll Sun Feb 27 2005 5:21:56a A.... 6,656 6.50 K
pndx5032.dll Sun Feb 27 2005 5:21:56a A.... 5,632 5.50 K

(Leave these 2 for now).

04/04/2005 09:48 PM 233,248 enlql1351.dll
04/04/2005 01:32 PM 234,049 dn0801due.dll
04/04/2005 04:55 AM 234,678 j0l4la3q1d.dll
04/04/2005 04:45 AM 233,248 p28q0cl5efq.dll

And these look suss.

04/04/2005 09:48 PM 233,248 enlql1351.dll
04/04/2005 01:32 PM 234,049 dn0801due.dll
04/04/2005 04:55 AM 234,678 j0l4la3q1d.dll
04/04/2005 04:45 AM 233,248 p28q0cl5efq.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\dn0801due.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

According to google dn0801due.dll may be a random changing file.

I would try trojan remover www.simplysup.com

Download / update and scan.

Also select the utilities menu and click on the 3rd/4th/5th/6th option.

Just to make sure. Close the browser/s before u do this.
Speedy Gonzales (78)
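
The cross-check made in the post above (files with the System attribute that are also named by a load point such as Winlogon\Notify or a CLSID InprocServer32), as an added example that is not part of the original thread and is not L2MFIX's own code. The function names are hypothetical, the sample input is an excerpt copied from the log in this thread, and the 8.3 short-name comparison is a prefix heuristic, so a hit is a lead to check rather than a verdict.

```python
import re
from ntpath import basename  # splits Windows paths on any OS

# Constructed sample input: excerpts copied from the log posted in this thread.
REG_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"DllName"="C:\\WINDOWS\\system32\\dn0801due.dll"

[HKEY_CLASSES_ROOT\CLSID\{415103ED-C662-4A6E-8E32-EF9F69C3898B}\InprocServer32]
@="C:\\WINDOWS\\system32\\hwtpapi.dll"
'''
FILE_LISTING = '''
browseui.dll Thu Jan 27 2005 1:13:16p A.... 1,016,832 993.00 K
dn0801~1.dll Mon Apr 4 2005 1:32:06p ..S.R 234,049 228.56 K
hwtpapi.dll Mon Apr 4 2005 9:54:02p ..S.R 234,049 228.56 K
micr0st.dll Sun Feb 27 2005 8:13:28p A.... 4 0.00 K
'''
# Captures: file name, 5-character attribute field, size in bytes.
LISTING_RE = re.compile(r'^(\S+)\s.*\s([A-Z.]{5})\s+([\d,]+)\s')


def parse_reg(text):
    """Return {key_path: {value_name_lowercase: string}} for string and hex(2) values."""
    text = re.sub(r'\\\r?\n\s*', '', text)          # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and '=' in line:
            name, _, data = line.partition('=')
            name = name.strip('"').lower()          # "DllName" and "DLLName" both occur
            if data.startswith('hex(2):'):          # REG_EXPAND_SZ stored as UTF-16LE bytes
                raw = bytes(int(b, 16) for b in data[7:].split(',') if b.strip())
                current[name] = raw.decode('utf-16-le').rstrip('\x00')
            elif data.startswith('"'):
                current[name] = data[1:-1].replace('\\\\', '\\')
    return keys


def system_flagged_files(listing):
    """Names of listed files whose attribute field contains S (System)."""
    names = []
    for line in listing.splitlines():
        m = LISTING_RE.match(line.strip())
        if m and 'S' in m.group(2):
            names.append(m.group(1).lower())
    return names


def same_file(long_name, listed):
    """Compare a long file name with a listed name that may be an 8.3 alias."""
    long_name, listed = long_name.lower(), listed.lower()
    if '~' not in listed:
        return long_name == listed
    stem, _, rest = listed.partition('~')           # 'dn0801', '1.dll'
    ext = rest[rest.find('.'):] if '.' in rest else ''
    return long_name.startswith(stem) and long_name.endswith(ext)


def load_points_referencing_flagged(reg_text, listing):
    """(registry key, DLL path) pairs whose DLL is a System-attribute file."""
    flagged = system_flagged_files(listing)
    hits = []
    for key, values in parse_reg(reg_text).items():
        for name in ('dllname', '@'):               # Notify DllName / COM default value
            target = values.get(name)
            if target and any(same_file(basename(target), f) for f in flagged):
                hits.append((key, target))
    return hits


if __name__ == '__main__':
    for key, dll in load_points_referencing_flagged(REG_EXPORT, FILE_LISTING):
        print(dll, '<-', key)
```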
341645 2005-04-05 05:24:00 I have a feeling these files are the culprits

dn0801~1.dll Mon Apr 4 2005 1:32:06p ..S.R 234,049 228.56 K
enlql1~1.dll Mon Apr 4 2005 9:48:02p ..S.R 233,248 227.78 K
gccoll~1.dll Thu Feb 10 2005 10:32:20p A.... 119,520 116.72 K
gcmd5q~1.dll Sun Apr 3 2005 9:16:56p A.... 10,752 10.50 K
gcunco~1.dll Thu Feb 10 2005 10:32:20p A.... 130,272 127.22 K
gwfspi~1.dll Fri Jan 28 2005 3:37:58p A.... 23,304 22.76 K
hashlib.dll Thu Feb 10 2005 10:32:18p A.... 81,120 79.22 K
hwtpapi.dll Mon Apr 4 2005 9:54:02p ..S.R 234,049 228.56 K

j0l4la~1.dll Mon Apr 4 2005 4:55:48a ..S.R 234,678 229.18 K
micr0st.dll Sun Feb 27 2005 8:13:28p A.... 4 0.00 K

p28q0c~1.dll Mon Apr 4 2005 4:45:10a ..S.R 233,248 227.78 K


pndx5016.dll Sun Feb 27 2005 5:21:56a A.... 6,656 6.50 K
pndx5032.dll Sun Feb 27 2005 5:21:56a A.... 5,632 5.50 K

(Leave these 2 for now).

04/04/2005 09:48 PM 233,248 enlql1351.dll
04/04/2005 01:32 PM 234,049 dn0801due.dll
04/04/2005 04:55 AM 234,678 j0l4la3q1d.dll
04/04/2005 04:45 AM 233,248 p28q0cl5efq.dll

And these look suss.

04/04/2005 09:48 PM 233,248 enlql1351.dll
04/04/2005 01:32 PM 234,049 dn0801due.dll
04/04/2005 04:55 AM 234,678 j0l4la3q1d.dll
04/04/2005 04:45 AM 233,248 p28q0cl5efq.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Extensions]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\dn0801due.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

According to google dn0801due.dll may be a random changing file.

I would try trojan remover www.simplysup.com

Download / update and scan.

Also select the utilities menu and click on the 3rd/4th/5th/6th option.

Just to make sure. Close the browser/s before u do this.

How am I supposed to delete these? :confused: The ones you mentioned other than the random changing file.
MasturJeff (7803)
341646 2005-04-05 05:32:00 run msconfig, untick anything suspect then reboot into SAFEMODE. run hijack this and delete the items. also give adaware etc a run while in safe mode. also it pays to have "hide known file types" etc turned off so you can view all files.
clean out any temp folders etc (see FAQ).

make sure you do not have net access while doing all this.


Ok this is weird.

I went into safemode, disconnected from the internet. I ran hijacklog and the files still wouldn't delete. Then I ran adware se for a good 45 minutes, deleted 16 critical objects. Went back into normal mode tried to post this paragraph and the PC just rebooted by itself.
MasturJeff (7803)
341647 2005-04-05 05:34:00 I was running a smooth popup free internet session for 10 minutes, and one of the bastardos comes up. :( MasturJeff (7803)
341648 2005-04-05 05:39:00 Edit: my reply been posted while I was reading Myth (110)