11-23-2005, 09:47 AM   #10
sUBs
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy

Read through the entire passage before beginning this fix. It's a bit complicated.

Download the file I've attached to this post - lm.zip

Double-click on Killbox.exe to run the program.

At the bottom right of the main screen, click on the arrow to the right of System Process
(The area is to the left of the yellow triangle.)
Select the following entry: rundll32.exe
Now click the yellow triangle to End Task

Wait a few seconds, and check again for rundll32.exe, as it may reload!
If so, End Task once again.

Next, open lm.zip & double-click on lm.bat

After that, highlight the entries below and press the Ctrl and the C key at the same time to copy them to the clipboard:

c:\windows\system32\guard.tmp
c:\windows\system32\msupdate32.dll
c:\windows\system32\ore2nls.dll
c:\windows\system32\fpls0337e.dll
c:\windows\system32\ode2nls.dll
c:\windows\system32\enp6l17s1.dll
c:\windows\system32\ktlql7351.dll
c:\windows\system32\n24slch71f4.dll
c:\windows\system32\jt6s07j7e.dll
c:\windows\system32\l4j8le1u1h.dll
c:\windows\system32\m4820eloehqc0.dll
c:\windows\system32\dn8601lse.dll
c:\windows\system32\sde.dll
C:\WINDOWS\TWluYWw\command.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe


Click on the File menu of Pocket KillBox and select: Paste from Clipboard

In the Full Path of File to Delete box you should see the first entry.
Make sure C:\Windows\System32\guard.tmp appears on the list.

If not, click on the arrow to the right of System Process
Once again select the following entry: rundll32.exe
Click the yellow triangle to End Task

(End Task on rundll32.exe until C:\WINDOWS\SYSTEM32\guard.tmp is on the list!)

Then, highlight the file entries once again and press the Ctrl and the C key at the same time to copy them to the clipboard:

Click on the File menu of Pocket KillBox and select: Paste from Clipboard

In the Full Path of File to Delete box you should see the first entry.
Once again, use the down arrow to see the rest of the files.

C:\Windows\System32\guard.tmp must appear on the list!!

Press the button with a red circle and a white X (Delete File button)
Click Yes at the confirmation message that files will be deleted on next reboot
Click Yes at the request to reboot


If the PendingFileRenameOperations error appears, then you must reboot.
Upon reboot, L2M file names may change.
In that case, exit out of KillBox
Run L2MFix Option 1 and post its log in your reply.
>>Please wait for new instructions!!<<


If the PendingFileRenameOperations error does not appear, post a fresh HJT after you have rebooted.
__________________

Question - what have you done for the community today?

Last edited by sUBs; 11-23-2005 at 12:19 PM.
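
Added example, not part of sUBs's post and not KillBox or L2MFix code: a PowerShell check, run before the reboot, of which listed files Windows has queued for deletion. Windows stores delete-on-reboot requests as source/destination string pairs in the PendingFileRenameOperations value under the Session Manager key, and an empty destination means delete. That KillBox queues its deletions there is an assumption based on the error name above; the function name and the sample entries are constructed for illustration.

```powershell
# Added example. Get-PendingDeleteStatus is a hypothetical helper name.
function Get-PendingDeleteStatus {
    param(
        [string[]]$Targets,        # full paths you pasted into the delete list
        [string[]]$PendingEntries  # raw REG_MULTI_SZ strings: source, destination, source, ...
    )
    # Collect every source whose destination string is empty (empty = delete on reboot).
    # PowerShell hashtable keys are case-insensitive, which matches Windows path rules.
    $queued = @{}
    for ($i = 0; $i -lt $PendingEntries.Count; $i += 2) {
        $src = $PendingEntries[$i] -replace '^\\\?\?\\', ''   # strip the \??\ prefix
        $dst = if ($i + 1 -lt $PendingEntries.Count) { $PendingEntries[$i + 1] } else { '' }
        if ([string]::IsNullOrEmpty($dst)) { $queued[$src] = $true }
    }
    foreach ($t in $Targets) {
        [pscustomobject]@{
            Path            = $t
            QueuedForDelete = $queued.ContainsKey($t)
            ExistsNow       = Test-Path -LiteralPath $t
        }
    }
}

# Two of the paths from the list in the post.
$targets = @(
    'c:\windows\system32\guard.tmp',
    'c:\windows\system32\sde.dll'
)

# Constructed sample value: one delete request and one rename request.
$sample = @(
    '\??\C:\windows\system32\guard.tmp', '',
    '\??\C:\Temp\constructed-old.dll', '!\??\C:\Temp\constructed-new.dll'
)
Get-PendingDeleteStatus -Targets $targets -PendingEntries $sample | Format-Table -AutoSize
# With the sample, guard.tmp is reported as queued and sde.dll is not.

# Live check on the affected machine (assumes the registry provider returns the
# empty destination strings in place, so entries stay paired by index).
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$live = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
            -ErrorAction SilentlyContinue).PendingFileRenameOperations
Get-PendingDeleteStatus -Targets $targets -PendingEntries $live | Format-Table -AutoSize
```

After the reboot, ExistsNow should be False for every listed path; a file that is still present, or that was never queued, is worth mentioning when you post the log.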