First of all, I must say thanks to this site, I have been able to take care of most of my problems, and I have learned a lot, and fixed a lot.
Now...my question is more a "general method" question, than a request for someone to read through my HJT log and lead me along.
Here's what I'm dealing with:
1. Two programs which are evident ONLY in the HJT startup log. It is not possible to delete with Killbox, and is not possible to locate with XP search, etc. All hidden folders are shown, all usual routes have been taken. Both are executables. Only one has a strange character (d?xplore.exe).
2. These programs (I believe), installs a .dll into a random registry folder it creates in the "notify" sub-sub folder. The DLLs always are a random string of letters and numbers. Upon looking in Windows-->system32--> I found MANY dlls with random number/letter strings in the 224-229k range. However, I'm reluctant to dump all of them.
So...my questions are: How do I delete something I can only find with HJT (and which can't be deleted with HJT on it's own)? And can I assume any group of DLLs in the 224-229k range that were modified at the same time and appear to be random number/letter strings can be safely deleted?
ALSO--just a note to others. MS Anti-Spyware Beta is already totally cracked and messed with by script kiddies and hackers. Two days after installation it stopped showing running processes, among other crucial errors.