Thread: Spy Sheriff Pop Ups

  1. #1
    Junior Member KanMan's Avatar
    Join Date
    Dec 2005
    Posts
    0

    Default Spy Sheriff Pop Ups

    Saw a few threads with people having the same problem as me so I thought I'd post.

    I was also infected with this Spy Sheriff... it came with a wallpaper that said "SPYWARE INFECTION" in a black box and I was unable to change the wallpaper. Today I got rid of that and most of Spy Sheriff and the stuff that came with it. All that's wrong now is the overload of pop ups in Firefox 1.5. Every 10 seconds I get poker, who's this star?, car ads, PS3 sweepstakes, and venus match maker ads etc. Each one opens in a new tab which is probably why Firefox is not blocking it. Occasionally I get an animation ad pop up on the screen with no tab or window, just a weird shape with a car ad in it or something. It's really annoying. I've tried most everything and I look clean, I can't find any fishy things so maybe you can help!?

    Here's a fresh HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:25:14 PM, on 12/28/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Updater.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Documents and Settings\Zachie\My Documents\RegSeeker[1]\RegSeeker\RegSeeker.exe
    C:\Documents and Settings\Zachie\My Documents\hijackthis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\l2j8lc1u1f.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    Last edited by KanMan; 2005-12-29 at 06:46.

  2. #2
    Junior Member KanMan's Avatar
    Join Date
    Dec 2005
    Posts
    0

    Default

    bump

    I know it probably looks clean but there has to be something hiding about

  3. #3
    Junior Member KanMan's Avatar
    Join Date
    Dec 2005
    Posts
    0

    Default

    bump

    plz anyone this is basically my last resort

  4. #4
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi Kenman

    Did you run smitrem while in safe mode as mentioned here?
    http://forums.spybot.info/showthread.php?t=1316
    If not, do that; those infections can infect a legitimate Windows file that needs to be cleaned. Post the smitfiles.txt when finished.



    Start HijackThis and place a check next to these items if there.
    O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
    Hit Fix checked and close HijackThis.
    Restart the PC
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download L2mfix (new version) from one of these two locations:
    http://www.atribune.org/downloads/l2mfix.exe
    http://www.downloads.subratam.org/l2mfix.exe
    Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.
    Note:
    If you receive, while running option #1, an error similar to: "C:\windows\system32\cmd.exe
    C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application." then please use option 5 or the web page link in the l2mfix folder to solve this error condition. Do not run the fix portion without fixing this first.
    If it is too large to post in one reply, do so in two please.

  5. #5
    Junior Member KanMan's Avatar
    Join Date
    Dec 2005
    Posts
    0

    Default

    I knew u'd help Lonny!!!! thanks

    smitrem log:


    smitRem log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: Sat 12/31/2005
    The current time is: 0:00:25.50

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 1008 'explorer.exe'

    Starting registry repairs

    Deleting files


    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Miscellaneous Files/folders ~~~




    ~~~ Wininet.dll ~~~

    CLEAN!

  6. #6
    Junior Member KanMan's Avatar
    Join Date
    Dec 2005
    Posts
    0

    Default

    L2MFIX LOG

    L2MFIX find log 122705
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msupdate]
    "DllName"="msupdate32.dll"
    "Startup"="WinlogonStartupEvent"
    "Asynchronous"=dword:00000001
    "Impersonate"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Shell Extensions]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\lvl6093se.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\PROGRA~1\\Stardock\\OBJECT~1\\WINDOW~1\\fastload.dll"
    "Startup"="StartSys"
    "Logon"="StartWB"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{707AA1FA-88A5-94E7-49AE-FB2D3633FDF3}"=""

    **********************************************************************************
    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{2F5AC606-70CF-461C-BFE1-734234536262}"="WindowBlinds CPL Extension"
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
    "{9DAECC89-B1B8-4BA8-BD7B-6827A83C3621}"="MuVo NX-TX Media Explorer"
    "{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
    "{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}"=""
    "{E435B177-99C8-42D8-BC55-517484CCDF7E}"=""
    "{3231C778-1C8F-46B8-9A5B-2BADB450823C}"=""
    "{6BAF5293-0EDC-4374-901B-C9E95E2DD870}"=""
    "{C61B790D-BE64-4C35-9EC4-186410210822}"=""
    "{B32769A7-A83D-4B51-BF47-1F9382F49FF1}"=""
    "{6FAA6132-3F8D-479A-987F-49BF39F12231}"=""
    "{59105604-1409-4D02-9A1C-C0D587743E98}"=""

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wqnetmgr.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3231C778-1C8F-46B8-9A5B-2BADB450823C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3231C778-1C8F-46B8-9A5B-2BADB450823C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3231C778-1C8F-46B8-9A5B-2BADB450823C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3231C778-1C8F-46B8-9A5B-2BADB450823C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\DWINTF.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B32769A7-A83D-4B51-BF47-1F9382F49FF1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B32769A7-A83D-4B51-BF47-1F9382F49FF1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B32769A7-A83D-4B51-BF47-1F9382F49FF1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B32769A7-A83D-4B51-BF47-1F9382F49FF1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\KEDLT1.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6FAA6132-3F8D-479A-987F-49BF39F12231}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6FAA6132-3F8D-479A-987F-49BF39F12231}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6FAA6132-3F8D-479A-987F-49BF39F12231}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6FAA6132-3F8D-479A-987F-49BF39F12231}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{59105604-1409-4D02-9A1C-C0D587743E98}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{59105604-1409-4D02-9A1C-C0D587743E98}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{59105604-1409-4D02-9A1C-C0D587743E98}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{59105604-1409-4D02-9A1C-C0D587743E98}\InprocServer32]
    @="C:\\WINDOWS\\system32\\petorsvc.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}\InprocServer32]
    @="C:\\WINDOWS\\system32\\wqnetmgr.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{3231C778-1C8F-46B8-9A5B-2BADB450823C}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3231C778-1C8F-46B8-9A5B-2BADB450823C}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3231C778-1C8F-46B8-9A5B-2BADB450823C}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{3231C778-1C8F-46B8-9A5B-2BADB450823C}\InprocServer32]
    @="C:\\WINDOWS\\system32\\DWINTF.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{B32769A7-A83D-4B51-BF47-1F9382F49FF1}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B32769A7-A83D-4B51-BF47-1F9382F49FF1}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B32769A7-A83D-4B51-BF47-1F9382F49FF1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{B32769A7-A83D-4B51-BF47-1F9382F49FF1}\InprocServer32]
    @="C:\\WINDOWS\\system32\\KEDLT1.DLL"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{6FAA6132-3F8D-479A-987F-49BF39F12231}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6FAA6132-3F8D-479A-987F-49BF39F12231}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6FAA6132-3F8D-479A-987F-49BF39F12231}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{6FAA6132-3F8D-479A-987F-49BF39F12231}\InprocServer32]
    @="C:\\WINDOWS\\system32\\guard.tmp"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{59105604-1409-4D02-9A1C-C0D587743E98}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{59105604-1409-4D02-9A1C-C0D587743E98}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{59105604-1409-4D02-9A1C-C0D587743E98}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{59105604-1409-4D02-9A1C-C0D587743E98}\InprocServer32]
    @="C:\\WINDOWS\\system32\\petorsvc.dll"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    04cgqrom.dll Tue Dec 27 2005 4:59:34p A.... 41,984 41.00 K
    bassmod.dll Fri Nov 25 2005 4:10:44p A.... 34,308 33.50 K
    browseui.dll Wed Nov 23 2005 5:06:34p A.... 1,022,464 998.50 K
    bwhci.dll Sat Dec 31 2005 3:24:56a ..S.R 234,272 228.78 K
    cdfview.dll Thu Oct 20 2005 7:39:26p A.... 151,040 147.50 K
    d80m0i~1.dll Fri Dec 30 2005 11:57:02p ..S.R 234,743 229.24 K
    danim.dll Fri Nov 4 2005 7:16:24p A.... 1,054,208 1.00 M
    ddauth.dll Sat Dec 31 2005 12:16:26a ..S.R 234,272 228.78 K
    dktmsft3.dll Sat Dec 31 2005 3:41:30a ..S.R 234,272 228.78 K
    dpl100.dll Thu Oct 27 2005 11:37:46a A.... 86,016 84.00 K
    dpu10.dll Thu Oct 27 2005 11:37:44a A.... 294,912 288.00 K
    dpu11.dll Thu Oct 27 2005 11:37:44a A.... 294,912 288.00 K
    dpugui10.dll Thu Oct 27 2005 11:37:48a A.... 53,248 52.00 K
    dpugui11.dll Thu Oct 27 2005 11:37:46a A.... 593,920 580.00 K
    dpus11.dll Thu Oct 27 2005 11:37:44a A.... 339,968 332.00 K
    dpv11.dll Thu Oct 27 2005 11:37:44a A.... 57,344 56.00 K
    dtu100.dll Thu Oct 27 2005 11:37:44a A.... 200,704 196.00 K
    dxtrans.dll Thu Oct 20 2005 7:39:28p A.... 205,312 200.50 K
    enpul1~1.dll Thu Dec 29 2005 8:29:46p ..S.R 235,082 229.57 K
    esent.dll Thu Oct 20 2005 2:20:04p A.... 1,082,368 1.03 M
    extmgr.dll Thu Oct 20 2005 7:39:28p ..... 55,808 54.50 K
    gdi32.dll Wed Oct 5 2005 7:09:36p A.... 280,064 273.50 K
    gpr2l3~1.dll Thu Dec 29 2005 11:52:42a ..S.R 234,272 228.78 K
    hr0u05~1.dll Wed Dec 28 2005 8:41:06p ..S.R 235,177 229.66 K
    i6240g~1.dll Wed Dec 28 2005 6:06:54p ..S.R 234,698 229.20 K
    iepeers.dll Thu Oct 20 2005 7:39:28p A.... 251,392 245.50 K
    ijm32.dll Sat Dec 31 2005 3:42:24a ..S.R 234,272 228.78 K
    il32_32.dll Sat Dec 31 2005 3:34:40a ..S.R 234,272 228.78 K
    inseng.dll Thu Oct 20 2005 7:39:28p A.... 96,256 94.00 K
    ipetcomm.dll Sat Dec 31 2005 3:11:36a ..S.R 234,272 228.78 K
    isjp81k.dll Sat Dec 31 2005 4:20:14a ..S.R 234,272 228.78 K
    itrdbg32.dll Sat Dec 31 2005 4:05:28a ..S.R 234,272 228.78 K
    iuq.dll Sat Dec 31 2005 2:56:46a ..S.R 234,272 228.78 K
    izsecsvc.dll Sat Dec 31 2005 4:35:44a ..S.R 234,272 228.78 K
    k6pmlg~1.dll Thu Dec 29 2005 9:14:42p ..S.R 235,448 229.93 K
    kedlt1.dll Thu Dec 29 2005 9:07:34a ..S.R 234,272 228.78 K
    l6r00g~1.dll Thu Dec 29 2005 12:22:28a ..S.R 234,272 228.78 K
    m0ju0a~1.dll Fri Dec 30 2005 12:32:42p ..S.R 235,182 229.67 K
    mhpmsnsv.dll Sat Dec 31 2005 12:04:14a ..S.R 234,272 228.78 K
    mshtml.dll Wed Nov 23 2005 5:06:34p A.... 3,015,680 2.88 M
    mshtmled.dll Thu Oct 20 2005 7:39:30p A.... 448,512 438.00 K
    msrating.dll Thu Oct 20 2005 7:39:30p A.... 146,432 143.00 K
    mstime.dll Thu Oct 20 2005 7:39:30p A.... 530,944 518.50 K
    msupda~1.dll Wed Dec 28 2005 2:12:52a ..... 473,088 462.00 K
    petorsvc.dll Fri Dec 30 2005 12:32:42p ..S.R 234,272 228.78 K
    pjdgen.dll Sat Dec 31 2005 4:38:44a ..S.R 234,272 228.78 K
    pngfilt.dll Thu Oct 20 2005 7:39:30p A.... 39,424 38.50 K
    pxnppagn.dll Sat Dec 31 2005 3:45:46a ..S.R 234,272 228.78 K
    q8ps0i~1.dll Thu Dec 29 2005 12:21:28a ..S.R 235,050 229.54 K
    rbsapi32.dll Sat Dec 31 2005 3:37:58a ..S.R 234,272 228.78 K
    rcvpsp.dll Sat Dec 31 2005 4:23:56a ..S.R 234,272 228.78 K
    repair~1.dll Tue Dec 27 2005 5:05:50p A.... 85,504 83.50 K
    shdocvw.dll Wed Nov 30 2005 7:59:30p A.... 1,492,480 1.42 M
    shlwapi.dll Thu Oct 20 2005 7:39:30p A.... 473,600 462.50 K
    spmsg.dll Wed Oct 12 2005 3:12:26p ..... 14,048 13.72 K
    ulrsdpia.dll Sat Dec 31 2005 4:47:50a ..S.R 234,272 228.78 K
    urlmon.dll Fri Nov 4 2005 7:16:28p A.... 609,280 595.00 K
    wininet.dll Thu Oct 20 2005 7:39:30p A.... 658,432 643.00 K
    wqnetmgr.dll Fri Dec 30 2005 11:59:20p ..S.R 234,272 228.78 K
    wwnsta.dll Sat Dec 31 2005 4:32:50a ..S.R 234,272 228.78 K

    60 items found: 60 files (29 H/S), 0 directories.
    Total of file sizes: 20,983,016 bytes 20.01 M
    Locate .tmp files:

    C:\WINDOWS\SYSTEM32\
    guard.tmp Sat Dec 31 2005 4:15:30a ..S.R 234,272 228.78 K

    1 item found: 1 file (1 H/S), 0 directories.
    Total of file sizes: 234,272 bytes 228.78 K
    **********************************************************************************
    Directory Listing of system files:
    Volume in drive C has no label.
    Volume Serial Number is 0CF3-0D62

    Directory of C:\WINDOWS\System32
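
A triage sketch for the L2MFIX find log above (an added example, not part of the thread and not L2mfix's own code): it joins the log's three sections, listing each unnamed entry under Shell Extensions\Approved with the InprocServer32 file it points to and that file's attributes and size from the system32 listing. Function names and output fields are assumptions of this example; the sample is an excerpt of the posted log, and the result is a review list, not a verdict, since the log itself says the files found are not all bad.

```python
import re
from collections import Counter

# Excerpt of the L2MFIX find log posted in this thread (trimmed to a few entries).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}"=""
"{E435B177-99C8-42D8-BC55-517484CCDF7E}"=""
"{6FAA6132-3F8D-479A-987F-49BF39F12231}"=""

[HKEY_CLASSES_ROOT\CLSID\{514AC3AF-D8B0-4992-B3AF-293C52F5E30B}\InprocServer32]
@="C:\\WINDOWS\\system32\\wqnetmgr.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{6FAA6132-3F8D-479A-987F-49BF39F12231}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

C:\WINDOWS\SYSTEM32\
browseui.dll Wed Nov 23 2005 5:06:34p A.... 1,022,464 998.50 K
wqnetmgr.dll Fri Dec 30 2005 11:59:20p ..S.R 234,272 228.78 K
guard.tmp Sat Dec 31 2005 4:15:30a ..S.R 234,272 228.78 K
'''

HEADER = re.compile(r'^\[(.+)\]$')                  # [registry key]
VALUE = re.compile(r'^(@|"[^"]*")="(.*)"$')         # string values only
FILE_ROW = re.compile(r'^(\S+)\s+\w{3} \w{3}\s+\d{1,2} \d{4}\s+'
                      r'\d{1,2}:\d{2}:\d{2}[ap]\s+([A-Z.]{5})\s+([\d,]+)\s')
CLSID_SERVER = re.compile(r'\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InprocServer32$', re.I)
APPROVED = r'\shell extensions\approved'


def parse(log):
    """Return (unnamed Approved CLSIDs, CLSID -> server path, file -> (attrs, size))."""
    unnamed, servers, files, key = [], {}, {}, ''
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE.match(line)
        if m and key:
            name = m.group(1).strip('"')
            data = m.group(2).replace('\\\\', '\\')   # undo .reg escaping
            if key.lower().endswith(APPROVED) and name.startswith('{') and not data:
                unnamed.append(name.upper())
            hit = CLSID_SERVER.search(key)
            if hit and name == '@':
                servers[hit.group(1).upper()] = data
            continue
        m = FILE_ROW.match(line)
        if m:
            files[m.group(1).lower()] = (m.group(2), int(m.group(3).replace(',', '')))
    return unnamed, servers, files


def triage(log):
    """One row per Approved shell extension that has an empty description."""
    unnamed, servers, files = parse(log)
    cluster = Counter(files.values())               # files sharing attrs and size
    rows = []
    for clsid in unnamed:
        path = servers.get(clsid)                   # None: no CLSID dump in the log
        base = path.rsplit('\\', 1)[-1].lower() if path else None
        attrs, size = files.get(base, (None, None))
        rows.append({
            'clsid': clsid, 'server': path, 'attrs': attrs, 'size': size,
            'system_readonly': bool(attrs) and 'S' in attrs and 'R' in attrs,
            'same_attr_size_peers': cluster[(attrs, size)] if attrs else 0,
        })
    return rows


if __name__ == '__main__':
    for row in triage(SAMPLE_LOG):
        print(row)
```

The file listing shows 8.3 short names (for example `d80m0i~1.dll`), so a server registered under its long name will not match by base name and shows up with `attrs` of `None`.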
