
Hi

My friend's computer has been hijacked lately; he keeps getting non-stop pop-ups, and I have found several suspicious spyware programs on the computer, which I have deleted, but not all. I found WebEnhancer and multiple hijackers. Can you please help me fix the computer urgently?


Logfile of HijackThis v1.99.1
Scan saved at 9:43:45 PM, on 26/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
C:\WINDOWS\System32\SEMBLY~1\regedit.exe
C:\Program Files\??sks\?ervices.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Unwired\UwSCT.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://joinup.unwired.com.au/&platform=win?ver=1.7.1
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Recylinder Check] kagbzzbten.exe
O4 - HKLM\..\RunServices: [Windows Recylinder Check] kagbzzbten.exe
O4 - HKCU\..\Run: [Ttah] "C:\WINDOWS\System32\SEMBLY~1\regedit.exe" -vt yazr
O4 - HKCU\..\Run: [Plniztfm] C:\Program Files\??sks\?ervices.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Unwired Launchpad.lnk = C:\Program Files\Unwired\UwSCT.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\mv8ul9l91.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\kmdtat.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V2Fzc2ltIEthcmFt\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


Would somebody please help me fix the problem?


Ouch! Sorry this got overlooked....

1. C:\Program Files\HijackThis.exe

The above log entry indicates that you are running HJT directly from within your Program Files folder; you need to create a new, separate folder for HJT and move the hijackthis.exe file there now.
HijackThis creates backup files each time it performs a fix, and the backup files will become scattered and unlocatable unless they are in their own folder with the program.


2. Please download the L2MFix utility.
* Save the file to your desktop and double click l2mfix.exe.
* Click the Install button to extract the files and follow the prompts.
* Open the newly added l2mfix folder on your desktop.
* Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing Enter.

This will scan your computer and it may appear nothing is happening. After a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 or any other files in the l2mfix folder until you are asked to do so!


L2MFIX find log 121605
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\m4820eloehqc0.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{156369CC-B324-C058-1253-41130B63EFBA}"=""


**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{3C1F176E-813B-4960-B923-6D3DA9E73AD2}"=""
"{9042F8C7-A558-4333-96BB-A4834AF4475F}"=""
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"


**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\CLSID\{3C1F176E-813B-4960-B923-6D3DA9E73AD2}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{3C1F176E-813B-4960-B923-6D3DA9E73AD2}\Implemented Categories]
@=""


[HKEY_CLASSES_ROOT\CLSID\{3C1F176E-813B-4960-B923-6D3DA9E73AD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{3C1F176E-813B-4960-B923-6D3DA9E73AD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\eientprf.dll"
"ThreadingModel"="Apartment"


Windows Registry Editor Version 5.00


[HKEY_CLASSES_ROOT\CLSID\{9042F8C7-A558-4333-96BB-A4834AF4475F}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{9042F8C7-A558-4333-96BB-A4834AF4475F}\Implemented Categories]
@=""


[HKEY_CLASSES_ROOT\CLSID\{9042F8C7-A558-4333-96BB-A4834AF4475F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""


[HKEY_CLASSES_ROOT\CLSID\{9042F8C7-A558-4333-96BB-A4834AF4475F}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxlbui.dll"
"ThreadingModel"="Apartment"


**********************************************************************************
Files Found are not all bad files:


C:\WINDOWS\SYSTEM32\
ckgty.dll      Thu 29 Jun 2006   1:11:06   A....        139,264   136.00 K
kxymgr.dll     Thu 29 Jun 2006  21:31:08   ..S.R        236,502   230.96 K
whdsp.dll      Thu 29 Jun 2006  22:15:46   .....        237,272   231.71 K
irlql5~1.dll   Fri 30 Jun 2006  12:49:40   ..S.R        237,022   231.46 K
mxlbui.dll     Fri  7 Jul 2006  17:39:26   ..S.R        235,820   230.29 K
eientprf.dll   Thu 29 Jun 2006  22:17:02   ..S.R        236,502   230.96 K
fnl021~1.dll   Fri 30 Jun 2006  20:51:10   ..S.R        234,263   228.77 K
daapi.dll      Thu 27 Apr 2006  10:33:10   A....        207,872   203.00 K
i6600g~1.dll   Sat  1 Jul 2006  15:04:56   ..S.R        234,027   228.54 K
enl0l1~1.dll   Fri 30 Jun 2006  20:55:40   ..S.R        233,763   228.28 K
e820li~1.dll   Fri 30 Jun 2006  20:27:24   ..S.R        233,762   228.28 K
kt24l7~1.dll   Fri 30 Jun 2006  23:15:40   ..S.R        233,961   228.48 K
connapi.dll    Thu 27 Apr 2006  10:03:08   A....        243,712   238.00 K
n6r2lg~1.dll   Fri 30 Jun 2006  20:53:34   ..S.R        233,896   228.41 K
i660lg~1.dll   Fri  7 Jul 2006  17:39:24   ..S.R        236,886   231.33 K
m4820e~1.dll   Thu  6 Jul 2006  17:53:30   ..S.R        235,820   230.29 K
ncltools.dll   Thu 27 Apr 2006  10:02:52   A....         60,416    59.00 K
pncrt.dll      Mon  8 May 2006  23:44:48   A....        278,528   272.00 K
pndx5016.dll   Mon  8 May 2006  23:44:48   A....          6,656     6.50 K
pndx5032.dll   Mon  8 May 2006  23:44:48   A....          5,632     5.50 K
rmoc3260.dll   Mon  8 May 2006  23:45:00   A....        176,167   172.04 K
spool32.dll    Thu 29 Jun 2006  19:22:10   A....         81,920    80.00 K


22 items found:  22 files (12 H/S), 0 directories.
Total of file sizes:  4,259,663 bytes      4.06 M
Locate .tmp files:


No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 2F59-12D9


Directory of C:\WINDOWS\System32


07/07/2006  05:39 PM           235,820 mxlbui.dll
07/07/2006  05:39 PM           236,886 i660lgjm16oa.dll
06/07/2006  05:53 PM           235,820 m4820eloehqc0.dll
01/07/2006  03:04 PM           234,027 i6600gjme6oa0.dll
30/06/2006  11:15 PM           233,961 kt24l7fq1.dll
30/06/2006  08:55 PM           233,763 enl0l13m1.dll
30/06/2006  08:53 PM           233,896 n6r2lg9o16.dll
30/06/2006  08:51 PM           234,263 fnl0213mg.dll
30/06/2006  08:27 PM           233,762 e820lifm182a.dll
30/06/2006  12:49 PM           237,022 irlql5351.dll
29/06/2006  10:17 PM           236,502 eientprf.dll
29/06/2006  09:31 PM           236,502 kxymgr.dll
20/04/2006  07:21 PM                32 {8481D936-3F8B-4FE2-9D19-E64A74E743A7}.dat
03/03/2003  10:01 AM    <DIR>          Microsoft
03/03/2003  09:38 AM    <DIR>          dllcache
13 File(s)      2,822,256 bytes
2 Dir(s)  30,382,260,224 bytes free

Edited by happygeek: fixed formatting


OK- that shows us the infections; please do the following:

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

* Download and install the most current updates for your antivirus program.

* Download these (free) utilities and save them in a convenient location:
ewido Antispyware (trial version)
ATF Cleaner
(Your log indicates that you had/have ewido installed; unless you installed it fairly recently, download and use the version I linked to above)

* Install and configure ewido:

  • Close all other applications and run the ewido installer.
  • Select language, click OK
  • Click I Agree
  • Click Next
  • Click Install
  • Click Finish
  • Wait; ewido will open its main screen automatically.
  • Wait again a few minutes and ewido should auto-update itself. If it doesn't, click Update at the top of the screen. (It is very important to get the updates)
  • Don't run a scan with ewido yet; just close the program when the updating has finished.

* Open the Services utility in your Administrative Tools control panel.
- In the list of services, locate the service named Command Service or cmdService and double-click on it.
- In the General tab of the Properties window that opens, click the Stop button.
- Once the service is stopped, choose Disabled in the Startup Type drop-down menu and then click OK.
- Close the Services utility.


* Run HijackThis again, put a check mark in the boxes to the left of the following entries, and then click the "Fix checked" button:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://joinup.unwired.com.au/&platform=win?ver=1.7.1
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Windows Recylinder Check] kagbzzbten.exe
O4 - HKLM\..\RunServices: [Windows Recylinder Check] kagbzzbten.exe
O4 - HKCU\..\Run: [Ttah] "C:\WINDOWS\System32\SEMBLY~1\regedit.exe" -vt yazr
O4 - HKCU\..\Run: [Plniztfm] C:\Program Files\??sks\?ervices.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\mv8ul9l91.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\kmdtat.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\V2Fzc2ltIEthcmFt\command.exe (file missing)

- In HijackThis' main window, click on Config, then Misc Tools, and then press the Delete an NT service.. button. When it opens, enter the following in the deletion box and press OK: cmdService
* Close HijackThis.


* From the l2mfix folder, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Save the log file; you will be including it in your next post.
(If you get prompted for a password while running L2MFix, type: bye )


* Reboot your computer in Safe Mode by doing the following (you must be in Safe Mode for the rest of these procedures):

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Log in to the Administrator account.

* Run ATF-Cleaner
- Double-click ATF-Cleaner.exe to open the program.
- Under Main choose: Select All
- Click the Empty Selected button.

If you use Firefox browser: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


* Open Ewido

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close Ewido.

* Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "Show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".


* Search for the following files and delete them if found:
kagbzzbten.exe
C:\WINDOWS\system32\mv8ul9l91.dll
C:\WINDOWS\system32\kmdtat.dll

* Delete the following folders entirely:
C:\WINDOWS\V2Fzc2ltIEthcmFt
C:\WINDOWS\System32\SEMBLY~1
C:\Program Files\??sks

The "~1" and "?" in the folder names above are placeholders indicating random characters; they are not part of the folders' actual names. For example: the SEMBLY~1 folder's real name will begin with the letters SEMBLY, followed by some other characters. The ??sks folder's real name will have an alphanumeric character in place of each "?" (the real name of this folder is often "Tasks").


* Empty your Recycle Bin and reboot normally.


* Run HijackThis again and post the new log. Also post the logs that ewido and L2MFix generated.
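How the find log earlier in this thread ties a registry load point to a file on disk, as an added example that is not part of the original posts and is not L2MFix's own code. The sample is excerpted from the log in this thread, the function names are hypothetical, and the `~1` match assumes the common first-six-characters form of a Windows 8.3 short name.

```python
import ntpath
import re

# Excerpt of the L2MFix find log quoted in this thread (registry exports plus
# the "Files Found" listing), trimmed to the lines the functions below parse.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
"DllName"="C:\\WINDOWS\\system32\\m4820eloehqc0.dll"

[HKEY_CLASSES_ROOT\CLSID\{3C1F176E-813B-4960-B923-6D3DA9E73AD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\eientprf.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{9042F8C7-A558-4333-96BB-A4834AF4475F}\InprocServer32]
@="C:\\WINDOWS\\system32\\mxlbui.dll"

C:\WINDOWS\SYSTEM32\
ckgty.dll      Thu 29 Jun 2006   1:11:06   A....        139,264   136.00 K
mxlbui.dll     Fri  7 Jul 2006  17:39:26   ..S.R        235,820   230.29 K
eientprf.dll   Thu 29 Jun 2006  22:17:02   ..S.R        236,502   230.96 K
m4820e~1.dll   Thu  6 Jul 2006  17:53:30   ..S.R        235,820   230.29 K
daapi.dll      Thu 27 Apr 2006  10:33:10   A....        207,872   203.00 K
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^("DllName"|@)="(.+\.dll)"$', re.I)
FILE_RE = re.compile(
    r'^(\S+\.dll)\s+\w{3}\s+\d{1,2}\s+\w{3}\s+\d{4}\s+[\d:]+\s+'
    r'([A-Z.]{5})\s+([\d,]+)\s', re.I)
ALIAS_RE = re.compile(r'([^~]+)~\d+(\.[^.]{0,3})?')


def registry_dll_refs(log):
    """Return (registry key, DLL file name) for each DLL a load point names."""
    refs, key = [], None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        # A default value (@) only names a DLL under an InprocServer32 key.
        if m.group(1) == '@' and not key.endswith('InprocServer32'):
            continue
        path = m.group(2).replace('\\\\', '\\')  # undo .reg escaping
        refs.append((key, ntpath.basename(path)))
    return refs


def file_listing(log):
    """Return {listed name: (attribute flags, size in bytes)}."""
    files = {}
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            size = int(m.group(3).replace(',', ''))
            files[m.group(1).lower()] = (m.group(2), size)
    return files


def alias_matches(listed, long_name):
    """True if `listed` is `long_name` itself or could be its 8.3 alias.

    Assumption: the alias keeps the leading characters of the long name
    before "~N". Windows switches to a hashed stem after several
    collisions, so a miss here does not prove the names are unrelated.
    """
    listed, long_name = listed.lower(), long_name.lower()
    if listed == long_name:
        return True
    m = ALIAS_RE.fullmatch(listed)
    if not m:
        return False
    stem, ext = ntpath.splitext(long_name)
    return stem.startswith(m.group(1)) and ext[:4] == (m.group(2) or '')


def correlate(log):
    """Pair every registry-referenced DLL with its line in the file listing."""
    files = file_listing(log)
    report = []
    for key, dll in registry_dll_refs(log):
        hit = next((n for n in files if alias_matches(n, dll)), None)
        attrs = files[hit][0] if hit else None
        report.append((key, dll, hit, attrs))
    return report


if __name__ == '__main__':
    for key, dll, listed, attrs in correlate(SAMPLE_LOG):
        print(f'{dll:20} listed as {listed!s:14} attrs={attrs}  <- {key}')
```
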


Hi DMR,

Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 9:22:45 PM, on 12/07/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Unwired\UwSCT.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\hh\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 66.20.37.76:80
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_11\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Unwired Launchpad.lnk = C:\Program Files\Unwired\UwSCT.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\spool32.dll
O20 - Winlogon Notify: Explorer - C:\WINDOWS\system32\hrpm0571e.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:44:15 PM 12/07/2006

+ Scan result:

C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP64\A0018208.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP64\A0018209.dll -> Adware.Look2Me : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009966.exe -> Adware.MediaTicket : No action taken.
C:\Program Files\Таsks\ѕervices.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009959.DLL -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009960.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009961.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP64\A0018191.DLL -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\ckgty.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP52\A0007363.exe/toolbar.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007437.exe/toolbar.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP58\A0017282.dll -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP55\A0009755.exe -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP56\A0009767.dll -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007441.dll -> Adware.TargetServer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP52\A0007337.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP52\A0007338.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP52\A0007339.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007430.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007448.EXE -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007449.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007450.DLL -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007451.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007472.EXE -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007473.DLL -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007474.DLL -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007494.EXE -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007495.dll -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007496.DLL -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007497.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007500.EXE -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007501.DLL -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007502.DLL -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009836.EXE -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009840.EXE -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009841.DLL -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009842.DLL -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009843.exe -> Adware.WebHancer : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009852.exe/whAgent.exe -> Adware.WebHancer : No action taken.
C:\Documents and Settings\Wassim Karam\Shared\Hide IP Platinum 2.8.rar/Setup.exe -> Backdoor.IRCBot.dd : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007453.exe -> Backdoor.Rbot : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007416.exe -> Downloader.Adload.bo : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP55\A0009757.exe -> Downloader.Adload.bo : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP55\A0009760.exe -> Downloader.Adload.bo : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP55\A0009761.exe -> Downloader.Adload.bo : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP55\A0009762.exe -> Downloader.Adload.bo : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP55\A0009763.exe -> Downloader.Adload.bo : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP55\A0009758.exe -> Downloader.Adload.bv : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP52\A0007376.EXE -> Downloader.PurityScan.cl : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007435.exe -> Downloader.Small.buy : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007459.exe -> Downloader.Small.buy : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007440.exe -> Downloader.TSUpdate.f : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007439.exe -> Downloader.TSUpdate.l : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007431.exe -> Downloader.TSUpdate.n : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007465.exe -> Downloader.TSUpdate.o : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007438.exe -> Downloader.TSUpdate.p : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007458.exe -> Downloader.VB.abm : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP57\A0009855.exe -> Dropper.Small.qn : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007455.exe -> Dropper.VB.mz : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP53\A0007457.exe -> Hijacker.StartPage.aju : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP55\A0009759.exe -> Hijacker.VB.ly : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP63\A0017993.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : No action taken.
C:\WINDOWS\system32\аѕsembly\regedit.exe -> Trojan.PurityAd : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP52\A0007332.exe -> Trojan.VB.abv : No action taken.
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP55\A0009739.exe -> Trojan.VB.abv : No action taken.


::Report end

L2mfix Beta 121605
Creating Account.
The command completed successfully.

Adding Administrative privleges.
The command completed successfully.

Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 400 'smss.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 480 'winlogon.exe'
Killing PID 480 'winlogon.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 220 'explorer.exe'
Killing PID 220 'explorer.exe'
Killing PID 220 'explorer.exe'
Killing PID 220 'explorer.exe'
Killing PID 220 'explorer.exe'
Killing PID 220 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1112 'rundll32.exe'
Killing PID 1112 'rundll32.exe'
Killing PID 1112 'rundll32.exe'
Killing PID 1108 'rundll32.exe'
Killing PID 1108 'rundll32.exe'
Killing PID 1108 'rundll32.exe'
Killing PID 1108 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful
Granting SeDebugPrivilege to Administrateurs ... failed (GetAccountSid(Administrateurs)=1332
Granting SeDebugPrivilege to Administrat÷rer ... failed (GetAccountSid(Administrat÷rer)=1332
Granting SeDebugPrivilege to Administradores ... failed (GetAccountSid(Administradores)=1332
Granting SeDebugPrivilege to Amministratore ... failed (GetAccountSid(Amministratore)=1332
Granting SeDebugPrivilege to Administratoren ... failed (GetAccountSid(Administratoren)=1332

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
moving: C:\WINDOWS\system32\cJrds.dll
Successfully Moved: C:\WINDOWS\system32\cJrds.dll
moving: C:\WINDOWS\system32\e820lifm182a.dll
Successfully Moved: C:\WINDOWS\system32\e820lifm182a.dll
moving: C:\WINDOWS\system32\eientprf.dll
Successfully Moved: C:\WINDOWS\system32\eientprf.dll
moving: C:\WINDOWS\system32\enl0l13m1.dll
Successfully Moved: C:\WINDOWS\system32\enl0l13m1.dll
moving: C:\WINDOWS\system32\fnl0213mg.dll
Successfully Moved: C:\WINDOWS\system32\fnl0213mg.dll
moving: C:\WINDOWS\system32\gqdef.dll
Successfully Moved: C:\WINDOWS\system32\gqdef.dll
moving: C:\WINDOWS\system32\hrpm0571e.dll
Successfully Moved: C:\WINDOWS\system32\hrpm0571e.dll
moving: C:\WINDOWS\system32\i6600gjme6oa0.dll
Successfully Moved: C:\WINDOWS\system32\i6600gjme6oa0.dll
moving: C:\WINDOWS\system32\irlql5351.dll
Successfully Moved: C:\WINDOWS\system32\irlql5351.dll
moving: C:\WINDOWS\system32\kt24l7fq1.dll
Successfully Moved: C:\WINDOWS\system32\kt24l7fq1.dll
moving: C:\WINDOWS\system32\kxymgr.dll
Successfully Moved: C:\WINDOWS\system32\kxymgr.dll
moving: C:\WINDOWS\system32\m0jula191d.dll
Successfully Moved: C:\WINDOWS\system32\m0jula191d.dll
moving: C:\WINDOWS\system32\mklbui.dll
Successfully Moved: C:\WINDOWS\system32\mklbui.dll
moving: C:\WINDOWS\system32\mtoert2.dll
Successfully Moved: C:\WINDOWS\system32\mtoert2.dll
moving: C:\WINDOWS\system32\n6r2lg9o16.dll
Successfully Moved: C:\WINDOWS\system32\n6r2lg9o16.dll
moving: C:\WINDOWS\system32\pptorec.dll
Successfully Moved: C:\WINDOWS\system32\pptorec.dll
moving: C:\WINDOWS\system32\sji.dll
Successfully Moved: C:\WINDOWS\system32\sji.dll
moving: C:\WINDOWS\system32\snmapi.dll
Successfully Moved: C:\WINDOWS\system32\snmapi.dll
moving: C:\WINDOWS\system32\whdsp.dll
Successfully Moved: C:\WINDOWS\system32\whdsp.dll
moving: C:\WINDOWS\system32\xrlehlp.dll
Successfully Moved: C:\WINDOWS\system32\xrlehlp.dll

Desktop.ini sucessfully removed


Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Explorer]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\hrpm0571e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\cJrds.dll
C:\WINDOWS\system32\e820lifm182a.dll
C:\WINDOWS\system32\eientprf.dll
C:\WINDOWS\system32\enl0l13m1.dll
C:\WINDOWS\system32\fnl0213mg.dll
C:\WINDOWS\system32\gqdef.dll
C:\WINDOWS\system32\hrpm0571e.dll
C:\WINDOWS\system32\i6600gjme6oa0.dll
C:\WINDOWS\system32\irlql5351.dll
C:\WINDOWS\system32\kt24l7fq1.dll
C:\WINDOWS\system32\kxymgr.dll
C:\WINDOWS\system32\m0jula191d.dll
C:\WINDOWS\system32\mklbui.dll
C:\WINDOWS\system32\mtoert2.dll
C:\WINDOWS\system32\n6r2lg9o16.dll
C:\WINDOWS\system32\pptorec.dll
C:\WINDOWS\system32\sji.dll
C:\WINDOWS\system32\snmapi.dll
C:\WINDOWS\system32\whdsp.dll
C:\WINDOWS\system32\xrlehlp.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{3C1F176E-813B-4960-B923-6D3DA9E73AD2}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C1F176E-813B-4960-B923-6D3DA9E73AD2}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C1F176E-813B-4960-B923-6D3DA9E73AD2}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3C1F176E-813B-4960-B923-6D3DA9E73AD2}\InprocServer32]
@="C:\\WINDOWS\\system32\\eientprf.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{9042F8C7-A558-4333-96BB-A4834AF4475F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9042F8C7-A558-4333-96BB-A4834AF4475F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9042F8C7-A558-4333-96BB-A4834AF4475F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{9042F8C7-A558-4333-96BB-A4834AF4475F}\InprocServer32]
@="C:\\WINDOWS\\system32\\gqdef.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{3C1F176E-813B-4960-B923-6D3DA9E73AD2}"=-
"{9042F8C7-A558-4333-96BB-A4834AF4475F}"=-
[-HKEY_CLASSES_ROOT\CLSID\{3C1F176E-813B-4960-B923-6D3DA9E73AD2}]
[-HKEY_CLASSES_ROOT\CLSID\{9042F8C7-A558-4333-96BB-A4834AF4475F}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
****************************************************************************
Desktop.ini Contents:
****************************************************************************
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
adding: dlls/cJrds.dll (deflated 4%)
adding: dlls/e820lifm182a.dll (deflated 4%)
adding: dlls/eientprf.dll (deflated 5%)
adding: dlls/enl0l13m1.dll (deflated 4%)
adding: dlls/fnl0213mg.dll (deflated 4%)
adding: dlls/gqdef.dll (deflated 4%)
adding: dlls/hrpm0571e.dll (deflated 4%)
adding: dlls/i6600gjme6oa0.dll (deflated 4%)
adding: dlls/irlql5351.dll (deflated 6%)
adding: dlls/kt24l7fq1.dll (deflated 4%)
adding: dlls/kxymgr.dll (deflated 5%)
adding: dlls/m0jula191d.dll (deflated 4%)
adding: dlls/mklbui.dll (deflated 4%)
adding: dlls/mtoert2.dll (deflated 6%)
adding: dlls/n6r2lg9o16.dll (deflated 4%)
adding: dlls/pptorec.dll (deflated 6%)
adding: dlls/sji.dll (deflated 6%)
adding: dlls/snmapi.dll (deflated 6%)
adding: dlls/whdsp.dll (deflated 6%)
adding: dlls/xrlehlp.dll (deflated 6%)
adding: backregs/notibac.reg (deflated 63%)
adding: backregs/shell.reg (deflated 73%)
adding: backregs/3C1F176E-813B-4960-B923-6D3DA9E73AD2.reg (deflated 70%)
adding: backregs/9042F8C7-A558-4333-96BB-A4834AF4475F.reg (deflated 70%)


Is the computer safe now?

What do I do with Windows Explorer? Do I keep the changes you specified or restore to original settings?

Thank you very much
