
Thread: Another Hijackthis to bore you

  1. #41
    Member
    Join Date
    Nov 2005
    Posts
    10

    OK nice one
    thanks for all you have done so far

  2. #42
    Member
    Join Date
    Nov 2005
    Posts
    10

    This is inside the FindL2m folder

  3. #43
    Member
    Join Date
    Nov 2005
    Posts
    10

    After running the batch file
    The errors are just below

    C:\Documents and Settings\Darren Clarke\Desktop\FindL2M>if not exist "C:\WIN
    \System32\XCACLS.exe" copy XCACLS.exe "C:\WINDOWS\System32" 1>nul

    C:\Documents and Settings\Darren Clarke\Desktop\FindL2M>cd C:\WINDOWS\system

    C:\WINDOWS\system32>XCACLS CMCUI.DLL /P ADMINISTRATOR:F /Y
    ERROR: The system cannot find the file specified.

    C:\WINDOWS\system32>XCACLS FPR403~1.DLL /P ADMINISTRATOR:F /Y
    ERROR: The system cannot find the file specified.

    C:\WINDOWS\system32>XCACLS IR8QL5~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\ir8ql5l51.dll

    C:\WINDOWS\system32>XCACLS EN6UL1~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\en6ul1j91.dll

    C:\WINDOWS\system32>XCACLS ENPOL1~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\enpol1731.dll

    C:\WINDOWS\system32>XCACLS ENPUL1~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\enpul1791.dll

    C:\WINDOWS\system32>XCACLS DN6801~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\dn6801jue.dll

    C:\WINDOWS\system32>XCACLS HR2M05~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\hr2m05f1e.dll

    C:\WINDOWS\system32>XCACLS IWNATHLP.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\iwnathlp.dll

    C:\WINDOWS\system32>XCACLS IYNATHLP.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\iynathlp.dll

    C:\WINDOWS\system32>XCACLS KTR4L7~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\ktr4l79q1.dll

    C:\WINDOWS\system32>XCACLS L0N4LA~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\l0n4la5q1d.dll

    C:\WINDOWS\system32>XCACLS P24ULC~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\p24ulch91f4.dll

    C:\WINDOWS\system32>XCACLS SIBCSP.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\sibcsp.dll

    C:\WINDOWS\system32>XCACLS SQTUPDLL.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\sqtupdll.dll

    C:\WINDOWS\system32>echo crappie 1>guard.tmp
    Access is denied.

    C:\WINDOWS\system32>XCACLS guard.tmp /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\guard.tmp

    C:\WINDOWS\system32>echo Finished, restart the PC
    Finished, restart the PC

    C:\WINDOWS\system32>pause
    Press any key to continue . . .

  4. #44
    Member
    Join Date
    Nov 2005
    Posts
    10

    FindL2M search at log on

    C:\Documents and Settings\Darren Clarke\Desktop\FindL2M\FindL2M>if no
    \WINDOWS\System32\XCACLS.exe" copy XCACLS.exe "C:\WINDOWS\System32"

    C:\Documents and Settings\Darren Clarke\Desktop\FindL2M\FindL2M>cd C:
    stem32

    C:\WINDOWS\system32>XCACLS CMCUI.DLL /P ADMINISTRATOR:F /Y
    ERROR: The system cannot find the file specified.

    C:\WINDOWS\system32>XCACLS FPR403~1.DLL /P ADMINISTRATOR:F /Y
    ERROR: The system cannot find the file specified.

    C:\WINDOWS\system32>XCACLS IR8QL5~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\ir8ql5l51.dll

    C:\WINDOWS\system32>XCACLS EN6UL1~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\en6ul1j91.dll

    C:\WINDOWS\system32>XCACLS ENPOL1~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\enpol1731.dll

    C:\WINDOWS\system32>XCACLS ENPUL1~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\enpul1791.dll

    C:\WINDOWS\system32>XCACLS DN6801~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\dn6801jue.dll

    C:\WINDOWS\system32>XCACLS HR2M05~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\hr2m05f1e.dll

    C:\WINDOWS\system32>XCACLS IWNATHLP.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\iwnathlp.dll

    C:\WINDOWS\system32>XCACLS IYNATHLP.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\iynathlp.dll

    C:\WINDOWS\system32>XCACLS KTR4L7~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\ktr4l79q1.dll

    C:\WINDOWS\system32>XCACLS L0N4LA~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\l0n4la5q1d.dll

    C:\WINDOWS\system32>XCACLS P24ULC~1.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\p24ulch91f4.dll

    C:\WINDOWS\system32>XCACLS SIBCSP.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\sibcsp.dll

    C:\WINDOWS\system32>XCACLS SQTUPDLL.DLL /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\sqtupdll.dll

    C:\WINDOWS\system32>echo crappie 1>guard.tmp

    C:\WINDOWS\system32>XCACLS guard.tmp /P ADMINISTRATOR:F /Y
    processed file: C:\WINDOWS\system32\guard.tmp

    C:\WINDOWS\system32>echo Finished, restart the PC
    Finished, restart the PC

    C:\WINDOWS\system32>pause
    Press any key to continue . . .

  5. #45
    Member
    Join Date
    Nov 2005
    Posts
    10

    L2MFIX find log 1.99
    These are the registry keys present
    **********************************************************************************
    Winlogon/notify:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
    6c,00,00,00
    "Logoff"="ChainWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    "Asynchronous"=dword:00000000
    "Impersonate"=dword:00000000
    "DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Logoff"="CryptnetWlxLogoffEvent"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    "DLLName"="cscdll.dll"
    "Logon"="WinlogonLogonEvent"
    "Logoff"="WinlogonLogoffEvent"
    "ScreenSaver"="WinlogonScreenSaverEvent"
    "Startup"="WinlogonStartupEvent"
    "Shutdown"="WinlogonShutdownEvent"
    "StartShell"="WinlogonStartShellEvent"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\WXDRMNet.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
    "Asynchronous"=dword:00000000
    "DllName"="C:\\WINDOWS\\system32\\hrr6059se.dll"
    "Impersonate"=dword:00000000
    "Logon"="WinLogon"
    "Logoff"="WinLogoff"
    "Shutdown"="WinShutdown"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DLLName"="wlnotify.dll"
    "Logon"="SCardStartCertProp"
    "Logoff"="SCardStopCertProp"
    "Lock"="SCardSuspendCertProp"
    "Unlock"="SCardResumeCertProp"
    "Enabled"=dword:00000001
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "StartShell"="SchedStartShell"
    "Logoff"="SchedEventLogOff"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    "Logoff"="WLEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000001
    "DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DLLName"="WlNotify.dll"
    "Lock"="SensLockEvent"
    "Logon"="SensLogonEvent"
    "Logoff"="SensLogoffEvent"
    "Safe"=dword:00000001
    "MaxWait"=dword:00000258
    "StartScreenSaver"="SensStartScreenSaverEvent"
    "StopScreenSaver"="SensStopScreenSaverEvent"
    "Startup"="SensStartupEvent"
    "Shutdown"="SensShutdownEvent"
    "StartShell"="SensStartShellEvent"
    "PostShell"="SensPostShellEvent"
    "Disconnect"="SensDisconnectEvent"
    "Reconnect"="SensReconnectEvent"
    "Unlock"="SensUnlockEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

  6. #46
    Member
    Join Date
    Nov 2005
    Posts
    10

    part 2


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    "Asynchronous"=dword:00000000
    "DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
    6c,00,6c,00,00,00
    "Impersonate"=dword:00000000
    "Logoff"="TSEventLogoff"
    "Logon"="TSEventLogon"
    "PostShell"="TSEventPostShell"
    "Shutdown"="TSEventShutdown"
    "StartShell"="TSEventStartShell"
    "Startup"="TSEventStartup"
    "MaxWait"=dword:00000258
    "Reconnect"="TSEventReconnect"
    "Disconnect"="TSEventDisconnect"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DLLName"="wlnotify.dll"
    "Logon"="RegisterTicketExpiredNotificationEvent"
    "Logoff"="UnregisterTicketExpiredNotificationEvent"
    "Impersonate"=dword:00000001
    "Asynchronous"=dword:00000001

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    "DLLName"="wzcdlg.dll"
    "Logon"="WZCEventLogon"
    "Logoff"="WZCEventLogoff"
    "Impersonate"=dword:00000000
    "Asynchronous"=dword:00000000


    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-NI) ALLOW Read BUILTIN\Users
    (ID-IO) ALLOW Read BUILTIN\Users
    (ID-NI) ALLOW Full access BUILTIN\Administrators
    (ID-IO) ALLOW Full access BUILTIN\Administrators
    (ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
    (ID-IO) ALLOW Full access CREATOR OWNER


    **********************************************************************************
    useragent:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
    "{FBFEC7D0-C884-61A8-8A44-1D969D841839}"=""

    **********************************************************************************

  7. #47
    Member
    Join Date
    Nov 2005
    Posts
    10

    part 3

    Shell Extension key:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    "{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
    "{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
    "{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
    "{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
    "{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
    "{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
    "{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
    "{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
    "{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
    "{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
    "{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
    "{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
    "{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
    "{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
    "{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
    "{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
    "{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
    "{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
    "{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
    "{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
    "{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
    "{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
    "{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
    "{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
    "{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
    "{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
    "{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
    "{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
    "{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
    "{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
    "{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
    "{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
    "{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
    "{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
    "{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
    "{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
    "{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
    "{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
    "{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
    "{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
    "{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
    "{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
    "{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
    "{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
    "{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
    "{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
    "{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
    "{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
    "{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
    "{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
    "{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
    "{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
    "{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
    "{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
    "{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
    "{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
    "{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
    "{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
    "{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
    "{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
    "{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
    "{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
    "{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
    "{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
    "{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
    "{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
    "{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
    "{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
    "{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
    "{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
    "{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
    "{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
    "{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
    "{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
    "{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
    "{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
    "{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
    "{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
    "{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
    "{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
    "{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
    "{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
    "{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
    "{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
    "{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
    "{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
    "{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
    "{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
    "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
    "{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
    "{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
    "{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
    "{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
    "{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
    "{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
    "{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
    "{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
    "{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
    "{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
    "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
    "{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
    "{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
    "{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
    "{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
    "{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
    "{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
    "{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
    "{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
    "{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
    "{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
    "{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
    "{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
    "{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
    "{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
    "{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
    "{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
    "{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
    "{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
    "{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
    "{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
    "{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
    "{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
    "{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
    "{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
    "{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
    "{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
    "{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
    "{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
    "{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
    "{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
    "{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
    "{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
    "{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
    "{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
    "{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
    "{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
    "{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"

  8. #48
    Member
    Join Date
    Nov 2005
    Posts
    10

    part 4

    "{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
    "{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
    "{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
    "{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
    "{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
    "{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
    "{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
    "{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
    "{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
    "{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
    "{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
    "{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
    "{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
    "{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
    "{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
    "{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
    "{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
    "{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
    "{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
    "{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
    "{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
    "{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
    "{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
    "{A0752120-6D75-D111-B5B1-0800095A2318}"="HandyBits EasyCrypto Shell Extensions"
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
    "{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}"="My Logitech Pictures"
    "{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
    "{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
    "{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
    "{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
    "{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice Property Sheet Handler"
    "{7106CF04-42F8-4314-81C4-2EE07F61962D}"=""
    "{5AB035BB-A13F-4045-BDC3-FF4EE13FBF90}"=""
    "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
    "{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"

    **********************************************************************************
    HKEY ROOT CLASSIDS:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{7106CF04-42F8-4314-81C4-2EE07F61962D}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7106CF04-42F8-4314-81C4-2EE07F61962D}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7106CF04-42F8-4314-81C4-2EE07F61962D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{7106CF04-42F8-4314-81C4-2EE07F61962D}\InprocServer32]
    @="C:\\WINDOWS\\system32\\WXDRMNet.dll"
    "ThreadingModel"="Apartment"

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\CLSID\{5AB035BB-A13F-4045-BDC3-FF4EE13FBF90}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\CLSID\{5AB035BB-A13F-4045-BDC3-FF4EE13FBF90}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5AB035BB-A13F-4045-BDC3-FF4EE13FBF90}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\CLSID\{5AB035BB-A13F-4045-BDC3-FF4EE13FBF90}\InprocServer32]
    @="C:\\WINDOWS\\system32\\LSPCX80N.DLL"
    "ThreadingModel"="Apartment"

    **********************************************************************************
    Files Found are not all bad files:

    C:\WINDOWS\SYSTEM32\
    atmtd.dll Fri 7 Oct 2005 11:24:06 A.... 687,592 671.48 K
    browseui.dll Sat 3 Sep 2005 9:52:04 A.... 1,019,904 996.00 K
    cdfview.dll Sat 3 Sep 2005 9:52:04 A.... 151,040 147.50 K
    cdosys.dll Sat 10 Sep 2005 11:53:42 A.... 2,067,968 1.97 M
    danim.dll Sat 3 Sep 2005 9:52:04 A.... 1,053,696 1.00 M
    dn6801~1.dll Thu 24 Nov 2005 8:55:50 A.S.R 236,413 230.87 K
    dxtrans.dll Sat 3 Sep 2005 9:52:04 A.... 205,312 200.50 K
    en6ul1~1.dll Wed 23 Nov 2005 18:56:38 A.S.R 234,607 229.11 K
    enpol1~1.dll Thu 24 Nov 2005 10:31:50 A.S.R 236,923 231.37 K
    enpul1~1.dll Wed 23 Nov 2005 23:04:40 A.S.R 235,059 229.55 K
    extmgr.dll Sat 3 Sep 2005 9:52:04 ..... 55,808 54.50 K
    gdi32.dll Thu 6 Oct 2005 13:09:36 A.... 280,064 273.50 K
    gwfspi~1.dll Mon 29 Aug 2005 13:27:06 A.... 23,304 22.76 K
    hr2m05~1.dll Thu 24 Nov 2005 11:56:58 A.S.R 235,677 230.15 K
    iepeers.dll Sat 3 Sep 2005 9:52:04 A.... 251,392 245.50 K
    inseng.dll Sat 3 Sep 2005 9:52:04 A.... 96,256 94.00 K
    ir8ql5~1.dll Thu 24 Nov 2005 12:21:02 A.S.R 237,137 231.58 K
    iwnathlp.dll Wed 23 Nov 2005 12:28:28 A.S.R 234,272 228.78 K
    iynathlp.dll Wed 23 Nov 2005 12:28:24 A.... 234,272 228.78 K
    j62qlg~1.dll Sat 8 Oct 2005 9:48:42 ..S.R 235,798 230.27 K
    ktr4l7~1.dll Wed 23 Nov 2005 9:18:06 A.S.R 234,272 228.78 K
    l0n4la~1.dll Thu 24 Nov 2005 8:28:22 A.S.R 235,552 230.03 K
    legitc~1.dll Mon 29 Aug 2005 13:27:12 A.... 520,968 508.76 K
    linkinfo.dll Thu 1 Sep 2005 11:41:54 A.... 19,968 19.50 K
    lmmlmvid.dll Sat 8 Oct 2005 9:48:42 ..S.R 234,272 228.78 K
    mshtml.dll Tue 4 Oct 2005 17:26:00 A.... 3,015,168 2.88 M
    mshtmled.dll Sat 3 Sep 2005 9:52:06 A.... 448,512 438.00 K
    msrating.dll Sat 3 Sep 2005 9:52:06 A.... 146,432 143.00 K
    mstime.dll Sat 3 Sep 2005 9:52:06 A.... 530,432 518.00 K
    p24ulc~1.dll Thu 24 Nov 2005 8:49:30 A.S.R 234,219 228.73 K
    piqsp.dll Thu 24 Nov 2005 22:12:08 ..S.R 237,137 231.58 K
    pngfilt.dll Sat 3 Sep 2005 9:52:06 A.... 39,424 38.50 K
    quartz.dll Tue 30 Aug 2005 13:54:26 A.... 1,287,168 1.23 M
    shdocvw.dll Sat 3 Sep 2005 9:52:06 A.... 1,483,776 1.41 M
    shell32.dll Fri 23 Sep 2005 13:05:30 A.... 8,450,560 8.06 M
    shlwapi.dll Sat 3 Sep 2005 9:52:06 A.... 473,600 462.50 K
    sibcsp.dll Thu 24 Nov 2005 8:43:30 A.S.R 235,552 230.03 K
    sintf16.dll Thu 27 Oct 2005 12:12:44 A.... 12,067 11.78 K
    sintf32.dll Thu 27 Oct 2005 12:12:44 A.... 17,212 16.81 K
    sintfnt.dll Thu 27 Oct 2005 12:12:46 A.... 21,840 21.33 K
    sirenacm.dll Wed 12 Oct 2005 17:11:06 A.... 118,784 116.00 K
    spkit432.dll Fri 7 Oct 2005 20:35:24 ..S.R 234,272 228.78 K
    sqtupdll.dll Wed 23 Nov 2005 10:45:14 A.S.R 234,272 228.78 K
    urlmon.dll Sat 3 Sep 2005 9:52:06 A.... 608,768 594.50 K
    wininet.dll Sat 3 Sep 2005 9:52:06 A.... 658,432 643.00 K
    winsrv.dll Thu 1 Sep 2005 11:41:54 A.... 291,840 285.00 K
    wxdrmnet.dll Thu 24 Nov 2005 14:19:30 ..S.R 237,137 231.58 K

    47 items found: 47 files (17 H/S), 0 directories.
    Total of file sizes: 28,274,130 bytes 26.96 M
    Locate .tmp files:

    No matches found.
    **********************************************************************************
    Directory Listing of system files:
    Volume in drive C is HDD
    Volume Serial Number is B8A8-8356

    Directory of C:\WINDOWS\System32

    24/11/2005 10:12 PM <DIR> ..
    24/11/2005 10:12 PM <DIR> .
    24/11/2005 10:12 PM 237,137 pIqsp.dll
    24/11/2005 02:19 PM 237,137 WXDRMNet.dll
    24/11/2005 12:21 PM 237,137 ir8ql5l51.dll
    24/11/2005 11:56 AM 235,677 hr2m05f1e.dll
    24/11/2005 10:31 AM 236,923 enpol1731.dll
    24/11/2005 08:55 AM 236,413 dn6801jue.dll
    24/11/2005 08:49 AM 234,219 p24ulch91f4.dll
    24/11/2005 08:43 AM 235,552 sibcsp.dll
    24/11/2005 08:28 AM 235,552 l0n4la5q1d.dll
    23/11/2005 11:04 PM 235,059 enpul1791.dll
    23/11/2005 06:56 PM 234,607 en6ul1j91.dll
    23/11/2005 12:28 PM 234,272 iwnathlp.dll
    23/11/2005 10:45 AM 234,272 sqtupdll.dll
    23/11/2005 09:18 AM 234,272 ktr4l79q1.dll
    16/10/2005 03:02 AM <DIR> dllcache
    08/10/2005 09:48 AM 234,272 LMMLMVid.dll
    08/10/2005 09:48 AM 235,798 j62qlgf5162.dll
    07/10/2005 08:35 PM 234,272 SPKIT432.DLL
    21/09/2003 12:59 PM <DIR> Microsoft
    17 File(s) 4,002,571 bytes
    4 Dir(s) 14,216,364,032 bytes free

  9. #49
    Member
    Join Date
    Nov 2005
    Posts
    10

    There is the stuff, Lonny, ready for whenever you want to tackle it. Isn't it Thanksgiving in America though? Did you forget?

  10. #50
    Security Expert-Emeritus
    Join Date
    Nov 2005
    Posts
    0

    Hi.

    I updated l2mfix again. I think it might be the space in the username causing the problem. Would you mind re-downloading it and trying again? Be sure to delete the old l2mfix folder, please.

    Run option 2 and let me know if you see any errors and if any other DOS windows open after you enter the password and enter.

    Thanks
