Problems with amaena.com and WinFixer

paul_kimber · 04-16-2006, 04:13 PM

Hi for the past week ive been getting problems on my laptop with popups from Winfixer and amaena.com aswell as other annoying pop ads please help me if you can! here is my log

Logfile of HijackThis v1.99.1
Scan saved at 23:10:14, on 16/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Paul\Desktop\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard6.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad6.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141144390795
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145223860087
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\m4po0e73eh.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Thanks

tetonbob · 04-16-2006, 10:52 PM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

Please download Look2Me-Destroyer.exe to your desktop.

Close all windows before continuing.
Double-click to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
When it re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shutdown.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt at the end of this fix.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX and place it in your C:\Windows\System32 Directory.

--------------------------------------------------

1. Please download Ewido Anti-Malware

Install ewido anti-malware
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
Exit Ewido, do not run the scan yet!

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:

Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.

Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

paul_kimber · 04-17-2006, 07:29 AM

Hi There thanks for this help my Internet seems faster already anyway.

Here is my Look 2 Me Destroyer report

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 17/04/2006 12:47:06

Infected! C:\WINDOWS\system32\fp0s03d7e.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adi3d2ag.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adledit.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ccadmin.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cccdll.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cgcisco.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cjrpol.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dfound3d.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dwnmodem.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\en4ul1h91.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\enlul1391.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\f4j20e1oeh.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\fp0s03d7e.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\gtkrsrc.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ibrdbg32.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iglogmsg.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iHsads.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ihwphbk.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ii41_qc.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ipuv_32.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir4ol5h31.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir6ql5j51.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\irpol5731.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\kmdgae.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\l0n4la5q1d.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lacwmi.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lbbeay32.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lorhelp.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvr8099ue.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvrs0997e.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m6lslg3716.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m8rm0i91e8.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mlsystem.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mpasn1.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mvmdd.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nblanui.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nflanui2.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nkshrui.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nlshrui.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nudll.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nutmsg.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\okethk32.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\oneacc.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pIutoenr.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pltorsvc.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pqotowiz.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\q4860elsehq60.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\rqpcfgex.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sdxcoins.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sle.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sspblb.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\udrfaxa.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\uzrdpa.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\vha.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wmnshfhc.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wnnfax.dll
Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wtw32.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020781.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020785.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020797.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020801.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020817.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020842.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0021848.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023860.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023879.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023885.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025057.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025106.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025118.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025119.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025345.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025346.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025349.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025350.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025351.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025366.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025368.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025369.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025370.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025372.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025386.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025387.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025402.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025403.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025409.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025632.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025633.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025634.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025637.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025638.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025639.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025654.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025656.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025657.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025658.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025660.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025674.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025675.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025713.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP28\A0025732.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025755.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025790.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025802.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025811.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025823.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025824.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025830.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025842.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025851.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025861.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025870.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025881.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0026127.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027132.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027165.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027175.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027193.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027227.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027235.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027249.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027262.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027280.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027286.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027308.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027324.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027354.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027371.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027381.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027396.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027415.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027457.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027489.dll
Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027493.dll

Attempting to delete infected files...

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adi3d2ag.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adi3d2ag.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adledit.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adledit.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ccadmin.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ccadmin.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cccdll.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cccdll.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cgcisco.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cgcisco.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cjrpol.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cjrpol.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dfound3d.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dfound3d.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dwnmodem.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dwnmodem.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\en4ul1h91.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\en4ul1h91.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\enlul1391.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\enlul1391.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\f4j20e1oeh.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\f4j20e1oeh.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\fp0s03d7e.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\fp0s03d7e.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\gtkrsrc.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\gtkrsrc.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ibrdbg32.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ibrdbg32.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iglogmsg.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iglogmsg.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iHsads.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iHsads.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ihwphbk.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ihwphbk.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ii41_qc.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ii41_qc.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ipuv_32.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ipuv_32.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir4ol5h31.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir4ol5h31.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir6ql5j51.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir6ql5j51.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\irpol5731.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\irpol5731.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\kmdgae.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\kmdgae.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\l0n4la5q1d.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\l0n4la5q1d.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lacwmi.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lacwmi.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lbbeay32.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lbbeay32.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lorhelp.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lorhelp.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvr8099ue.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvr8099ue.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvrs0997e.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvrs0997e.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m6lslg3716.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m6lslg3716.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m8rm0i91e8.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m8rm0i91e8.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mlsystem.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mlsystem.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mpasn1.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mpasn1.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mvmdd.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mvmdd.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nblanui.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nblanui.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nflanui2.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nflanui2.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nkshrui.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nkshrui.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nlshrui.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nlshrui.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nudll.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nudll.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nutmsg.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nutmsg.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\okethk32.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\okethk32.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\oneacc.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\oneacc.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pIutoenr.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pIutoenr.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pltorsvc.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pltorsvc.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pqotowiz.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pqotowiz.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\q4860elsehq60.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\q4860elsehq60.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\rqpcfgex.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\rqpcfgex.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sdxcoins.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sdxcoins.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sle.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sle.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sspblb.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sspblb.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\udrfaxa.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\udrfaxa.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\uzrdpa.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\uzrdpa.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\vha.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\vha.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wmnshfhc.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wmnshfhc.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wnnfax.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wnnfax.dll Deleted successfully!

Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wtw32.dll
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wtw32.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020781.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020781.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020785.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020785.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020797.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020797.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020801.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020801.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020817.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020817.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020842.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020842.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0021848.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0021848.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023860.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023860.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023879.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023879.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023885.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023885.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025057.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025057.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025106.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025106.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025118.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025118.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025119.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025119.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025345.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025345.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025346.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025346.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025349.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025349.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025350.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025350.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025351.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025351.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025366.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025366.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025368.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025368.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025369.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025369.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025370.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025370.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025372.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025372.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025386.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025386.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025387.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025387.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025402.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025402.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025403.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025403.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025409.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025409.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025632.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025632.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025633.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025633.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025634.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025634.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025637.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025637.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025638.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025638.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025639.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025639.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025654.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025654.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025656.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025656.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025657.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025657.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025658.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025658.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025660.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025660.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025674.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025674.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025675.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025675.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025713.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025713.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP28\A0025732.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP28\A0025732.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025755.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025755.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025790.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025790.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025802.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025802.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025811.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025811.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025823.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025823.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025824.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025824.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025830.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025830.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025842.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025842.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025851.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025851.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025861.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025861.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025870.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025870.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025881.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025881.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0026127.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0026127.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027132.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027132.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027165.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027165.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027175.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027175.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027193.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027193.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027227.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027227.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027235.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027235.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027249.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027249.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027262.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027262.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027280.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027280.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027286.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027286.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027308.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027308.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027324.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027324.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027354.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027354.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027371.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027371.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027381.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027381.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027396.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027396.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027415.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027415.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027457.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027457.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027489.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027489.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027493.dll
C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027493.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

Here is my Ewido Scan Report

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:04:49, 17/04/2006
+ Report-Checksum: 8C993F64

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
HKU\S-1-5-21-1644491937-507921405-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
C:\ac2_0010.exe -> Downloader.Small.cpu : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ad.adition[2].txt -> TrackingCookie.Adition : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@b.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@banner.clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfk4wgdpwlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkiajcjecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkigldzglq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkioodpkho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkoejazwdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkokmdzogq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkoqpdjgcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkoujc5wbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkouodzobo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkysjdzibo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkyupazeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfl4ugdzihq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfligmc5cfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wflikgajiko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wflokhajgko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfmikpczccp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfmiwoczggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgk4qicpolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgk4qkazedq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgkiqjajwep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgkismdzcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgkoqhcpmcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgloggdjoaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgmygmd5mep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjliapdzghq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjlicgd5mko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjlikhdjsgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjloegcjclq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjlyspdjmbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjmykgdzakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjmykpczcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjmyqlcjadq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjmywnc5skp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjnygmczifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjnywkd5gdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ehg-beckman.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ehg-capitalgroup.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ehg-deltatre.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ehg-flextech.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ehg-idg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ehg-liverpoolfctv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ehg-mgnlimited.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ehg-ubisoft.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ehg-yooxspa.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@gettyimages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@ostg.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@w104.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@web2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Paul\Cookies\paul@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/adi3d2ag.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/adledit.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ccadmin.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cccdll.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cgcisco.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cjrpol.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/CKCL150.DLL -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/dfound3d.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/dwnmodem.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/en4ul1h91.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/enlul1391.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/f4j20e1oeh.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/fp0s03d7e.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/gtkrsrc.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ibrdbg32.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/iglogmsg.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/iHsads.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ihwphbk.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ii41_qc.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ipuv_32.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ir4ol5h31.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ir6ql5j51.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/irpol5731.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/kmdgae.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/l0n4la5q1d.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lacwmi.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lbbeay32.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lorhelp.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lvr8099ue.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lvrs0997e.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/m6lslg3716.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/m8rm0i91e8.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mlsystem.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mpasn1.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mvmdd.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nblanui.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nflanui2.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nkshrui.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nlshrui.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nudll.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nutmsg.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/okethk32.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/oneacc.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pIutoenr.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pltorsvc.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pqotowiz.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/q4860elsehq60.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/rqpcfgex.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sdxcoins.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sle.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sspblb.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/udrfaxa.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/uzrdpa.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/vha.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wmnshfhc.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wnnfax.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wtw32.dll -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\CKCL150.DLL -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@e-2dj6wflikidzego.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@www.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temp\Temporary Internet Files\Content.IE5\GHIJKLMN\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\0HI705YN\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\0HI705YN\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\0HI705YN\drsmartload618a[1].exe -> Downloader.Adload.ah : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\0HI705YN\Installer[1].exe -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\0HI705YN\newname6[1].exe -> Downloader.Adload.ae : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\4L2V4TQ7\AppWrap[1].exe -> Adware.Zestyfind : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\4L2V4TQ7\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\4L2V4TQ7\mousepad6[1].exe -> Hijacker.VB.ly : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\85QV8DMZ\drsmartload46a[1].exe -> Downloader.Adload.ai : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\WLQBCPEZ\drsmartload[1].exe -> Downloader.Adload.ah : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\WLQBCPEZ\keyboard6[1].exe -> Downloader.VB.zo : Cleaned with backup
C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\WLQBCPEZ\WHCC2[1].exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\drsmartload1.exe -> Downloader.VB.aad : Cleaned with backup
C:\drsmartload45a.exe -> Downloader.Adload.an : Cleaned with backup
C:\Installer.exe -> Adware.Look2Me : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whagent.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whsurvey.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\DH.dll -> Hijacker.Small.jf : Cleaned with backup
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Cleaned with backup
C:\WINDOWS\Installer.exe -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\keyboard11.exe -> Backdoor.VB.ary : Cleaned with backup
C:\WINDOWS\keyboard6.exe -> Downloader.VB.zo : Cleaned with backup
C:\WINDOWS\mousepad11.exe -> Hijacker.VB.mo : Cleaned with backup
C:\WINDOWS\mousepad6.exe -> Hijacker.VB.ly : Cleaned with backup
C:\WINDOWS\newname11.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\newname6.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\WINDOWS\system32\w00374bf.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Temp\Cookies\paul@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1ZR1TOGT\jrl[1].jar/GetAccess.class -> Downloader.OpenConnection.aj : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1ZR1TOGT\jrl[1].jar/Installer.class -> Downloader.OpenConnection.aj : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1ZR1TOGT\jrl[1].jar/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1ZR1TOGT\jrl[1].jar/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FS83V5RY\video[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup
C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup

:: Report End

And finally here his my HJT log

Logfile of HijackThis v1.99.1
Scan saved at 14:29:26, on 17/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WallMaster\wallmast.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [w00374bf.dll] RUNDLL32.EXE w00374bf.dll,I2 00071bff000374bf
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141144390795
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145223860087
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

Thanks Again

tetonbob · 04-17-2006, 09:06 AM

Good job, L2M was choking your system!

Please disable Ewido Security Suite's Guard by doing the following, as it may hinder the removal of some entries:

Open ewido by double-clicking the yellow 'e' icon in the system tray.
In the 'Your security status' section, toggle the ewido Guard realtime protection 'off' by clicking 'active' which will then change the protection status to 'inactive'.
When you reboot, ewido will prompt you as to whether you would like to "Restart the guard?". Reply "No" and set it to ''inactive'' for the duration of your cleanup.

---------------------------------------------------------------------------------------------

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [w00374bf.dll] RUNDLL32.EXE w00374bf.dll,I2 00071bff000374bf

---------------------------------------------------------------------------------------------

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner

Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *

Begin the scan by selecting My Computer

If it finds any malware, it will offer you a report.

Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.

Click on See report then click Save report

*Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------

Updating Java and Clearing Cache

Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel.
It will say "Java Plug-in" under the icon.
Please find the update button or tab in the Java Control Panel. Update your Java then reboot.
If you are unable to update you can manually update by going here:
- http://www.java.com/en/download/manual.jsp
After the reboot, go back into the Control Panel and double-click the Java Icon.
Under Temporary Internet Files, click the Delete Files button.
There are three options in the window to clear the cache - Leave ALL 3 Checked
- Downloaded Applets
  Downloaded Applications
  Other Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
Click OK to leave the Java Control Panel.

You should then Uninstall J2SE Runtime Environment Update 3

---------------------------------------------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Create an uninstall list:

Open HiJackThis
Click on the configure button on the bottom right
Click on the tab "Misc Tools"
Click on the Box that says "Open Uninstall Manager"
Click on the button "Save list"
Copy and past the List from the notepad file into your post

Please return with results from:

Panda
HJT
Uninstall list

How is your system behaving now, please?

paul_kimber · 04-17-2006, 03:16 PM

Hi there the system seems alot thanks

Here is my Panda Scan Report

Incident Status Location

Adware:adware/deskwizz Not disinfected C:\WINDOWS\dh.ini
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload2.dat
Adware:adware/webhancer Not disinfected C:\PROGRAM FILES\webHancer
Adware:adware/searchexe Not disinfected Windows Registry
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Paul\Cookies\paul@247realmedia[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Paul\Cookies\paul@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Paul\Cookies\paul@adrevolver[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Paul\Cookies\paul@adtech[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Paul\Cookies\paul@anm.co[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Paul\Cookies\paul@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Paul\Cookies\paul@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Paul\Cookies\paul@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul\Cookies\paul@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Paul\Cookies\paul@bravenet[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Paul\Cookies\paul@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Paul\Cookies\paul@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Paul\Cookies\paul@cgi-bin[4].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul\Cookies\paul@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Paul\Cookies\paul@doubleclick[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Paul\Cookies\paul@fortunecity[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Paul\Cookies\paul@landing.domainsponsor[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Paul\Cookies\paul@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Paul\Cookies\paul@mediaplex[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Paul\Cookies\paul@qsrch[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Paul\Cookies\paul@realmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Paul\Cookies\paul@searchportal.information[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Paul\Cookies\paul@statse.webtrendslive[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Paul\Cookies\paul@tribalfusion[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Paul\Cookies\paul@winfixer[2].txt
Spyware:Cookie/FindtheWebsiteYouNeed Not disinfected C:\Documents and Settings\Paul\Cookies\paul@www.findthewebsiteyouneed[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Paul\Cookies\paul@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Paul\Cookies\paul@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Paul\Cookies\paul@xmts[2].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Paul\Cookies\paul@247realmedia[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Paul\Cookies\paul@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Paul\Cookies\paul@adrevolver[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Paul\Cookies\paul@adtech[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Paul\Cookies\paul@anm.co[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Paul\Cookies\paul@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Paul\Cookies\paul@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Paul\Cookies\paul@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul\Cookies\paul@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Paul\Cookies\paul@bravenet[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Paul\Cookies\paul@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Paul\Cookies\paul@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Paul\Cookies\paul@cgi-bin[4].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Paul\Cookies\paul@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Paul\Cookies\paul@doubleclick[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Paul\Cookies\paul@fortunecity[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Paul\Cookies\paul@landing.domainsponsor[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Paul\Cookies\paul@maxserving[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Paul\Cookies\paul@mediaplex[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Paul\Cookies\paul@qsrch[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Paul\Cookies\paul@realmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Paul\Cookies\paul@searchportal.information[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Paul\Cookies\paul@statse.webtrendslive[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Paul\Cookies\paul@tribalfusion[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Paul\Cookies\paul@winfixer[2].txt
Spyware:Cookie/FindtheWebsiteYouNeed Not disinfected C:\Documents and Settings\Paul\Cookies\paul@www.findthewebsiteyouneed[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Paul\Cookies\paul@www48.seeq[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Paul\Cookies\paul@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Paul\Cookies\paul@xmts[2].txt
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[adi3d2ag.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[adledit.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[ccadmin.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[cccdll.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[cgcisco.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[cjrpol.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[CKCL150.DLL]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[dfound3d.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[dwnmodem.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[en4ul1h91.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[enlul1391.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[f4j20e1oeh.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[fp0s03d7e.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[gtkrsrc.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[ibrdbg32.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[iglogmsg.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[iHsads.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[ihwphbk.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[ii41_qc.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[ipuv_32.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[ir4ol5h31.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[ir6ql5j51.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[irpol5731.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[kmdgae.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[l0n4la5q1d.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[lacwmi.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[lbbeay32.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[lorhelp.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[lvr8099ue.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[lvrs0997e.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[m6lslg3716.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[m8rm0i91e8.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[mlsystem.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[mpasn1.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[mvmdd.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[nblanui.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[nflanui2.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[nkshrui.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[nlshrui.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[nudll.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[nutmsg.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[okethk32.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[oneacc.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[pIutoenr.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[pltorsvc.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[pqotowiz.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[q4860elsehq60.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[rqpcfgex.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[sdxcoins.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[sle.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[sspblb.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[udrfaxa.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[uzrdpa.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[vha.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[wmnshfhc.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[wnnfax.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip[wtw32.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Paul\Desktop\l2mfix.exe[Process.exe]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@adopt.hbmediapro[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@adrevolver[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@apmebf[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@errorsafe[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@gostats[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@realmedia[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@rn11[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@toplist[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@winfixer[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@www.errorsafe[1].txt
Spyware:Cookie/FindtheWebsiteYouNeed Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@www.findthewebsiteyouneed[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Paul\Local Settings\Temp\Temporary Internet Files\Content.IE5\89ABCDEF\l2mfix[1].exe[Process.exe]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\4L2V4TQ7\Veracruz[1].exe
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\WLQBCPEZ\sk02[1].exe
Adware:Adware/WebHancer Not disinfected C:\Program Files\webHancer\Programs\SETC.tmp
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\S-1-5-21-1644491937-507921405-854245398-1004\Dc16.exe
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\S-1-5-21-1644491937-507921405-854245398-1004\Dc16.exe[whAgent.exe]
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\S-1-5-21-1644491937-507921405-854245398-1004\Dc16.exe[whInstaller.exe]
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\S-1-5-21-1644491937-507921405-854245398-1004\Dc16.exe[whSurvey.exe]
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\S-1-5-21-1644491937-507921405-854245398-1004\Dc16.exe[webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\RECYCLER\S-1-5-21-1644491937-507921405-854245398-1004\Dc16.exe[whiehlpr.dll]
Adware:Adware/Deskwizz Not disinfected C:\RECYCLER\S-1-5-21-1644491937-507921405-854245398-1004\Dc17.exe
Spyware:Cookie/888 Not disinfected C:\WINDOWS\Temp\Cookies\paul@888[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\WINDOWS\Temp\Cookies\paul@adopt.hbmediapro[2].txt
Spyware:Cookie/Cassava Not disinfected C:\WINDOWS\Temp\Cookies\paul@cassava[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\WINDOWS\Temp\Cookies\paul@errorsafe[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\WINDOWS\Temp\Cookies\paul@i.screensavers[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\Temp\Cookies\paul@rn11[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\WINDOWS\Temp\Cookies\paul@winfixer[2].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Temp\Cookies\paul@xmts[1].txt
Virus:Exploit/ByteVerify Disinfected C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FS83V5RY\classload[1].jar[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FS83V5RY\classload[1].jar[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FS83V5RY\classload[1].jar[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FS83V5RY\classload[1].jar[Installer.class]

Here is my HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 22:09:42, on 17/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WallMaster\wallmast.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Documents and Settings\Paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141144390795
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145223860087
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

& here is my unistall list

Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.7
ArcSoft PhotoStudio 5.5
ATI Display Driver
AVG Free Edition
Canon MP Navigator 2.0
Canon MP150
Canon Utilities Easy-PhotoPrint
Conexant 56K ACLink Modem
DivX
Easy-WebPrint
ewido anti-malware
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HP Help and Support
InterActual Player
InterVideo WinDVD 7
iTunes
J2SE Runtime Environment 5.0 Update 6
LimeWire 4.10.9
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Microsoft Office XP Professional
Microsoft Windows XP Video Decoder Checkup Utility
MSN Messenger 7.5
MSXML 4.0 SP2 Parser and SDK
OmniPage SE 2.0
Panda ActiveScan
PHP 5.1.2
QuickTime
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Spyware Doctor 3.8
Synaptics Pointing Device Driver
Tvants 1.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
WallMaster
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
XoftSpy

tetonbob · 04-17-2006, 04:12 PM

Good job. Just a bit more work to do....

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Delete the following if they exist:

C:\WINDOWS\dh.ini
C:\WINDOWS\drsmartload2.dat
C:\PROGRAM FILES\webHancer
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Run this final online scan, as it may see what the other may not:

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

paul_kimber · 04-18-2006, 06:25 PM

Hi there sorry for the delay.

Here is my HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 01:16:32, on 19/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Paul\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141144390795
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145223860087
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

And here is my Kaspersky report.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, April 19, 2006 1:01:43 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 18/04/2006
Kaspersky Anti-Virus database records: 188771
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 36909
Number of viruses found: 2
Number of infected objects: 63
Number of suspicious objects: 0
Duration of the scan process: 01:16:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/adi3d2ag.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/adledit.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ccadmin.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cccdll.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cgcisco.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cjrpol.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/CKCL150.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/dfound3d.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/dwnmodem.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/en4ul1h91.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/enlul1391.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/f4j20e1oeh.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/fp0s03d7e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/gtkrsrc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ibrdbg32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/iglogmsg.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/iHsads.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ihwphbk.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ii41_qc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ipuv_32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ir4ol5h31.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ir6ql5j51.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/irpol5731.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/kmdgae.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/l0n4la5q1d.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lacwmi.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lbbeay32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lorhelp.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lvr8099ue.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lvrs0997e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/m6lslg3716.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/m8rm0i91e8.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mlsystem.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mpasn1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mvmdd.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nblanui.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nflanui2.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nkshrui.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nlshrui.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nudll.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nutmsg.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/okethk32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/oneacc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pIutoenr.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pltorsvc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pqotowiz.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/q4860elsehq60.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/rqpcfgex.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sdxcoins.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sle.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sspblb.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/udrfaxa.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/uzrdpa.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/vha.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wmnshfhc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wnnfax.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wtw32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip ZIP: infected - 57 skipped
C:\Documents and Settings\Paul\My Documents\Anti Spyware Software\XoftSpy421_169.exe/data0013 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Paul\My Documents\Anti Spyware Software\XoftSpy421_169.exe NSIS: infected - 1 skipped
C:\Program Files\PPLive TV\SynaLiveSetup.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\PPLive TV\SynaLiveSetup.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\PPLive TV\SynaLiveSetup.exe NSIS: infected - 2 skipped

Scan process completed.

Thanks once again

tetonbob · 04-18-2006, 09:15 PM

Well, now you've somehow gotten some new crapware that weren't on your system before.

Where did you get Xoftspy? It seems as if it's infected. I'd recommend you remove it. There are better programs available for anti malware purposes.

We have to take a step back and do a through cleaning again. I'll add some protection layers as well.

Please refrain from internet use, except for cleaning, utill we have this resolved.

Download LSPFix as we may need it later.

Please update Ewido, and run a scan where I have it palced in this fix.

You will need to update Ewido to the latest definition files.

On the left hand side of the main screen click update.
Then click on Start Update.

The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Disconnect from the internet.

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

NewDotNet or New.Net Domains
SaveUninst.exe.
WhenU
Xoftspy

---------------------------------------------------------------------------------------------

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

While running Hijackthis, verify if these entries still exist:

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

If they exist, we would be required to run LSPFix.exe

Instructions for using LSPFix

Double click on LSPFix.exe to run it.
Once running, you will be required to tick the disclaimer - "I know what I'm doing".
You'll find a windows with 2 panes.
In the left pane which is labeled 'Keep', select all instances of:
- NEWDOTNET or newdotnet7_22.dll
Then click on the arrow pointing to the right, >>.
This will move the entry to the right pane labeled 'Remove'
Click the Finish button to complete the fix.

Only entries similar to NEWDOTNET need to be removed. If you see any other entries in the right pane, move them back to the "Keep" pane & post the filenames to inform me.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

Delete the following if they exist:

C:\Program Files\NewDotNet
C:\Program Files\Save
C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip
C:\Documents and Settings\Paul\My Documents\Anti Spyware Software\XoftSpy421_169.exe

Run the ATF Cleaner again.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run Ewido with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click Complete System Scan to begin scanning.
Click OK when prompted to clean files

With the first file it prompts to clean, select the option:

"Perform action on all infections"
Choose clean and click OK.

Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

---------------------------------------------------------------------------------------------

Restart in normal mode.

---------------------------------------------------------------------------------------------

Establish an internet connection

---------------------------------------------------------------------------------------------

Download Ad-aware at http://www.lavasoftusa.com/ and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go to http://www.lavasoftusa.com/software/...2cleaner.shtml to download the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware at http://www.greyknight17.com/spyware.php#adaware for better scan results. Run the scan and fix everything that it finds.

Perform an online scan with Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).

Follow the prompts to install the ActiveX controls
It will say "Loading TrendMicro definitions".
Click "Start Scan"

After it's done scanning, click "Scan Results"

Make sure all items found have a check next to them, then click "Clean Threats Now".
Click Exit.

Reboot your computer. I then need you to repeat the same procedure above again using the TrendMicro tool.

---------------------------------------------------------------------------------------------

Run a new scan with Kaspersky, save the results and post them here.

---------------------------------------------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Download IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list.
Then return to the main menu.
Select option #4 - Add the old porn sites domain

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

Download Host.zip to your desktop.
From your Desktop right-click (hosts.zip) and select:
Extract All from the menu.
Click Next, click Next, select the option:
"Show Extracted files", click Finish
This will open the newly created hosts folder on your Desktop.
Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.

Download SpywareBlaster 3.5.1
Install & update SpywareBlaster with the latest definitions.
After you have updated, click the button - enable protection for all unprotected items

So, please return with logs from:

Ewido
Kaspersky
HJT

04-16-2006, 04:13 PM	#1 (permalink)
paul_kimber Registered User Join Date: Mar 2005 Posts: 23 OS: Windows XP	Problems with amaena.com and WinFixer Hi for the past week ive been getting problems on my laptop with popups from Winfixer and amaena.com aswell as other annoying pop ads please help me if you can! here is my log Logfile of HijackThis v1.99.1 Scan saved at 23:10:14, on 16/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Documents and Settings\Paul\Desktop\HijackThis.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard6.exe O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad6.exe O4 - HKLM\..\Run: [newname] C:\windows\newname6.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141144390795 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145223860087 O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\m4po0e73eh.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe Thanks

04-16-2006, 10:52 PM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,151 OS: 2000 Pro; XP Pro; XP Home	Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. Please download Look2Me-Destroyer.exe to your desktop. Close all windows before continuing. Double-click to run it. Put a check next to Run this program as a task. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK When it re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. Once it's done scanning, click the Remove L2M button. You will receive a Done Scanning message, click OK. When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK. Your computer will then shutdown. Turn your computer back on. Please post the contents of C:\Look2Me-Destroyer.txt at the end of this fix. If you receive a message from your firewall about this program accessing the internet please allow it. If you receive a runtime error '339' please download MSWINSCK.OCX and place it in your C:\Windows\System32 Directory. -------------------------------------------------- 1. Please download Ewido Anti-Malware Install ewido anti-malware Launch ewido, there should be an icon on your desktop, double-click it. The program will now open to the main screen. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment. You will need to update ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. (the status bar at the bottom will display ("Update successful") Exit Ewido, do not run the scan yet! If you are having problems with the updater, you can use this link to manually update ewido. ewido manual updates 2. Please download Brute Force Uninstaller to your desktop. Right click the BFU folder on your desktop, and choose Extract All Click "Next" In the box to choose where to extract the files to, Click "Browse" Click on the + sign next to "My Computer" Click on "Local Disk (C:) or whatever your primary drive is Click "Make New Folder" Type in BFU Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish". 3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover. Save it in the same folder you made earlier (c:\BFU). Do not do anything with these yet! Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter. 4. Once in Safe Mode, Open Ewido: Click on scanner Click on Complete System Scan and the scan will begin. You will be prompted to clean the first infection. Select "Perform action on all infections", then proceed. Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report. Save the report .txt file to your desktop or a location where you can find it easily. Close ewido anti-malware. 5. Then, please go to Start > My Computer and navigate to the C:\BFU folder. Start the Brute Force Uninstaller by doubleclicking BFU.exe In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu Press Execute and let it do it’s job. (You ought to see a progress bar if you did this correctly.) Wait for the complete script execution box to pop up and press OK. Press exit to terminate the BFU program. Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

04-17-2006, 07:29 AM	#3 (permalink)
paul_kimber Registered User Join Date: Mar 2005 Posts: 23 OS: Windows XP	Hi There thanks for this help my Internet seems faster already anyway. Here is my Look 2 Me Destroyer report Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 17/04/2006 12:47:06 Infected! C:\WINDOWS\system32\fp0s03d7e.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adi3d2ag.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adledit.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ccadmin.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cccdll.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cgcisco.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cjrpol.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dfound3d.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dwnmodem.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\en4ul1h91.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\enlul1391.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\f4j20e1oeh.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\fp0s03d7e.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\gtkrsrc.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ibrdbg32.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iglogmsg.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iHsads.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ihwphbk.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ii41_qc.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ipuv_32.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir4ol5h31.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir6ql5j51.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\irpol5731.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\kmdgae.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\l0n4la5q1d.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lacwmi.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lbbeay32.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lorhelp.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvr8099ue.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvrs0997e.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m6lslg3716.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m8rm0i91e8.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mlsystem.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mpasn1.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mvmdd.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nblanui.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nflanui2.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nkshrui.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nlshrui.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nudll.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nutmsg.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\okethk32.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\oneacc.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pIutoenr.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pltorsvc.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pqotowiz.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\q4860elsehq60.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\rqpcfgex.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sdxcoins.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sle.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sspblb.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\udrfaxa.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\uzrdpa.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\vha.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wmnshfhc.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wnnfax.dll Infected! C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wtw32.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020781.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020785.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020797.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020801.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020817.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020842.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0021848.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023860.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023879.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023885.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025057.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025106.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025118.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025119.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025345.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025346.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025349.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025350.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025351.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025366.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025368.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025369.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025370.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025372.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025386.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025387.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025402.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025403.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025409.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025632.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025633.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025634.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025637.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025638.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025639.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025654.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025656.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025657.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025658.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025660.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025674.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025675.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025713.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP28\A0025732.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025755.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025790.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025802.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025811.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025823.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025824.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025830.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025842.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025851.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025861.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025870.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025881.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0026127.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027132.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027165.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027175.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027193.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027227.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027235.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027249.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027262.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027280.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027286.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027308.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027324.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027354.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027371.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027381.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027396.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027415.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027457.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027489.dll Infected! C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027493.dll Attempting to delete infected files... Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adi3d2ag.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adi3d2ag.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adledit.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\adledit.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ccadmin.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ccadmin.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cccdll.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cccdll.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cgcisco.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cgcisco.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cjrpol.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\cjrpol.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dfound3d.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dfound3d.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dwnmodem.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\dwnmodem.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\en4ul1h91.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\en4ul1h91.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\enlul1391.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\enlul1391.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\f4j20e1oeh.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\f4j20e1oeh.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\fp0s03d7e.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\fp0s03d7e.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\gtkrsrc.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\gtkrsrc.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ibrdbg32.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ibrdbg32.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iglogmsg.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iglogmsg.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iHsads.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\iHsads.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ihwphbk.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ihwphbk.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ii41_qc.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ii41_qc.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ipuv_32.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ipuv_32.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir4ol5h31.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir4ol5h31.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir6ql5j51.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\ir6ql5j51.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\irpol5731.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\irpol5731.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\kmdgae.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\kmdgae.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\l0n4la5q1d.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\l0n4la5q1d.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lacwmi.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lacwmi.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lbbeay32.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lbbeay32.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lorhelp.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lorhelp.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvr8099ue.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvr8099ue.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvrs0997e.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\lvrs0997e.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m6lslg3716.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m6lslg3716.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m8rm0i91e8.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\m8rm0i91e8.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mlsystem.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mlsystem.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mpasn1.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mpasn1.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mvmdd.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\mvmdd.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nblanui.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nblanui.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nflanui2.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nflanui2.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nkshrui.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nkshrui.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nlshrui.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nlshrui.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nudll.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nudll.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nutmsg.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\nutmsg.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\okethk32.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\okethk32.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\oneacc.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\oneacc.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pIutoenr.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pIutoenr.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pltorsvc.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pltorsvc.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pqotowiz.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\pqotowiz.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\q4860elsehq60.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\q4860elsehq60.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\rqpcfgex.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\rqpcfgex.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sdxcoins.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sdxcoins.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sle.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sle.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sspblb.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\sspblb.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\udrfaxa.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\udrfaxa.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\uzrdpa.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\uzrdpa.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\vha.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\vha.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wmnshfhc.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wmnshfhc.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wnnfax.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wnnfax.dll Deleted successfully! Attempting to delete: C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wtw32.dll C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\wtw32.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020781.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020781.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020785.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020785.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020797.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020797.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020801.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP24\A0020801.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020817.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020817.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020842.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0020842.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0021848.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0021848.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023860.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023860.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023879.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023879.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023885.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0023885.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025057.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025057.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025106.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP25\A0025106.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025118.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025118.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025119.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025119.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025345.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025345.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025346.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025346.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025349.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025349.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025350.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025350.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025351.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025351.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025366.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025366.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025368.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025368.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025369.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025369.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025370.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025370.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025372.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025372.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025386.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025386.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025387.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP26\A0025387.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025402.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025402.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025403.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025403.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025409.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025409.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025632.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025632.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025633.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025633.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025634.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025634.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025637.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025637.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025638.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025638.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025639.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025639.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025654.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025654.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025656.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025656.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025657.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025657.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025658.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025658.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025660.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025660.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025674.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025674.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025675.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025675.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025713.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP27\A0025713.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP28\A0025732.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP28\A0025732.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025755.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025755.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025790.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025790.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025802.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025802.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025811.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025811.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025823.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025823.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025824.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025824.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025830.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025830.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025842.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP29\A0025842.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025851.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025851.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025861.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025861.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025870.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025870.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025881.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0025881.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0026127.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0026127.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027132.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027132.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027165.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027165.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027175.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP30\A0027175.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027193.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027193.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027227.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027227.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027235.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027235.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027249.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027249.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027262.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP31\A0027262.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027280.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027280.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027286.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027286.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027308.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP32\A0027308.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027324.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027324.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027354.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP33\A0027354.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027371.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027371.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027381.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027381.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027396.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027396.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027415.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP34\A0027415.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027457.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027457.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027489.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027489.dll Deleted successfully! Attempting to delete: C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027493.dll C:\System Volume Information\_restore{98178A2C-D970-4722-8866-B506D871C929}\RP35\A0027493.dll Deleted successfully! Making registry repairs. Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce Restoring Windows certificates. Replaced hosts file with default windows hosts file Restoring SeDebugPrivilege for Administrators - Succeeded Here is my Ewido Scan Report --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 14:04:49, 17/04/2006 + Report-Checksum: 8C993F64 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{6001CDF7-6F45-471b-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup HKU\S-1-5-21-1644491937-507921405-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup C:\ac2_0010.exe -> Downloader.Small.cpu : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ad.adition[2].txt -> TrackingCookie.Adition : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@b.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@banner.clubdicecasino[1].txt -> TrackingCookie.Clubdicecasino : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@com[2].txt -> TrackingCookie.Com : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfk4wgdpwlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkiajcjecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkigldzglq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkioodpkho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkoejazwdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkokmdzogq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkoqpdjgcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkoujc5wbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkouodzobo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkysjdzibo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfkyupazeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfl4ugdzihq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfligmc5cfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wflikgajiko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wflokhajgko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfmikpczccp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wfmiwoczggo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgk4qicpolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgk4qkazedq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgkiqjajwep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgkismdzcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgkoqhcpmcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgloggdjoaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wgmygmd5mep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjliapdzghq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjlicgd5mko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjlikhdjsgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjloegcjclq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjlyspdjmbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjmykgdzakp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjmykpczcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjmyqlcjadq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjmywnc5skp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjnygmczifp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@e-2dj6wjnywkd5gdp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ehg-beckman.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ehg-capitalgroup.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ehg-deltatre.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ehg-flextech.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ehg-idg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ehg-liverpoolfctv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ehg-mgnlimited.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ehg-ubisoft.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ehg-yooxspa.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@gettyimages.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@ostg.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@sel.as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@w104.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@web2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup C:\Documents and Settings\Paul\Cookies\paul@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/adi3d2ag.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/adledit.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ccadmin.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cccdll.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cgcisco.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cjrpol.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/CKCL150.DLL -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/dfound3d.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/dwnmodem.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/en4ul1h91.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/enlul1391.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/f4j20e1oeh.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/fp0s03d7e.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/gtkrsrc.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ibrdbg32.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/iglogmsg.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/iHsads.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ihwphbk.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ii41_qc.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ipuv_32.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ir4ol5h31.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ir6ql5j51.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/irpol5731.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/kmdgae.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/l0n4la5q1d.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lacwmi.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lbbeay32.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lorhelp.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lvr8099ue.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lvrs0997e.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/m6lslg3716.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/m8rm0i91e8.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mlsystem.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mpasn1.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mvmdd.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nblanui.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nflanui2.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nkshrui.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nlshrui.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nudll.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nutmsg.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/okethk32.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/oneacc.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pIutoenr.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pltorsvc.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pqotowiz.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/q4860elsehq60.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/rqpcfgex.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sdxcoins.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sle.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sspblb.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/udrfaxa.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/uzrdpa.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/vha.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wmnshfhc.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wnnfax.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wtw32.dll -> Adware.Look2Me : Error during cleaning C:\Documents and Settings\Paul\Desktop\l2mfix\dlls\CKCL150.DLL -> Adware.Look2Me : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@banner.clubdicecasino[2].txt -> TrackingCookie.Clubdicecasino : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@e-2dj6wflikidzego.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Cookies\paul@www.paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temp\Temporary Internet Files\Content.IE5\GHIJKLMN\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\0HI705YN\AppWrap[1].exe -> Adware.AdURL : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\0HI705YN\AppWrap[2].exe -> Adware.AdURL : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\0HI705YN\drsmartload618a[1].exe -> Downloader.Adload.ah : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\0HI705YN\Installer[1].exe -> Adware.Look2Me : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\0HI705YN\newname6[1].exe -> Downloader.Adload.ae : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\4L2V4TQ7\AppWrap[1].exe -> Adware.Zestyfind : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\4L2V4TQ7\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\4L2V4TQ7\mousepad6[1].exe -> Hijacker.VB.ly : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\85QV8DMZ\drsmartload46a[1].exe -> Downloader.Adload.ai : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\WLQBCPEZ\drsmartload[1].exe -> Downloader.Adload.ah : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\WLQBCPEZ\keyboard6[1].exe -> Downloader.VB.zo : Cleaned with backup C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\WLQBCPEZ\WHCC2[1].exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup C:\drsmartload1.exe -> Downloader.VB.aad : Cleaned with backup C:\drsmartload45a.exe -> Downloader.Adload.an : Cleaned with backup C:\Installer.exe -> Adware.Look2Me : Cleaned with backup C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup C:\Program Files\webHancer\Programs\whagent.exe -> Adware.WebHancer : Cleaned with backup C:\Program Files\webHancer\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup C:\Program Files\webHancer\Programs\whsurvey.exe -> Adware.WebHancer : Cleaned with backup C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup C:\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup C:\WINDOWS\DH.dll -> Hijacker.Small.jf : Cleaned with backup C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Cleaned with backup C:\WINDOWS\Installer.exe -> Adware.Look2Me : Cleaned with backup C:\WINDOWS\keyboard11.exe -> Backdoor.VB.ary : Cleaned with backup C:\WINDOWS\keyboard6.exe -> Downloader.VB.zo : Cleaned with backup C:\WINDOWS\mousepad11.exe -> Hijacker.VB.mo : Cleaned with backup C:\WINDOWS\mousepad6.exe -> Hijacker.VB.ly : Cleaned with backup C:\WINDOWS\newname11.exe -> Downloader.Adload.ae : Cleaned with backup C:\WINDOWS\newname6.exe -> Downloader.Adload.ae : Cleaned with backup C:\WINDOWS\SS1001.exe -> Dropper.Small.qn : Cleaned with backup C:\WINDOWS\system32\w00374bf.dll -> Downloader.Agent.ahv : Cleaned with backup C:\WINDOWS\Temp\bw2.com -> Adware.Zestyfind : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup C:\WINDOWS\Temp\Cookies\paul@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1ZR1TOGT\jrl[1].jar/GetAccess.class -> Downloader.OpenConnection.aj : Cleaned with backup C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1ZR1TOGT\jrl[1].jar/Installer.class -> Downloader.OpenConnection.aj : Cleaned with backup C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1ZR1TOGT\jrl[1].jar/NewSecurityClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\1ZR1TOGT\jrl[1].jar/NewURLClassLoader.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\FS83V5RY\video[1].wmf -> Exploit.MS05-053-WMF : Cleaned with backup C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup :: Report End And finally here his my HJT log Logfile of HijackThis v1.99.1 Scan saved at 14:29:26, on 17/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\WallMaster\wallmast.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Paul\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [w00374bf.dll] RUNDLL32.EXE w00374bf.dll,I2 00071bff000374bf O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141144390795 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145223860087 O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe Thanks Again Last edited by paul_kimber; 04-17-2006 at 07:32 AM.

04-17-2006, 09:06 AM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,151 OS: 2000 Pro; XP Pro; XP Home	Good job, L2M was choking your system! Please disable Ewido Security Suite's Guard by doing the following, as it may hinder the removal of some entries: Open ewido by double-clicking the yellow 'e' icon in the system tray. In the 'Your security status' section, toggle the ewido Guard realtime protection 'off' by clicking 'active' which will then change the protection status to 'inactive'. When you reboot, ewido will prompt you as to whether you would like to "Restart the guard?". Reply "No" and set it to ''inactive'' for the duration of your cleanup. --------------------------------------------------------------------------------------------- Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any): O4 - HKLM\..\Run: [w00374bf.dll] RUNDLL32.EXE w00374bf.dll,I2 00071bff000374bf --------------------------------------------------------------------------------------------- CLEAR & RESET SYSTEM RESTORE'S CACHE Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter * Tick on the checkbox - Turn off System Restore on all drives * Click Apply Turn it back 'On' by unticking the same checkbox & click Apply, and then OK --------------------------------------------------------------------------------------------- Perform an online scan with Internet Explorer with Panda ActiveScan Click on the "Free To Use ActiveScan" located on the top right hand corner Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it * Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place * Begin the scan by selecting My Computer If it finds any malware, it will offer you a report. Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later. Click on See report then click Save report Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------- Updating Java and Clearing Cache* Go to Start > Control Panel double-click on the Java Icon (coffee cup) in the Control Panel. It will say "Java Plug-in" under the icon. Please find the update button or tab in the Java Control Panel. Update your Java then reboot. If you are unable to update you can manually update by going here: http://www.java.com/en/download/manual.jsp After the reboot, go back into the Control Panel and double-click the Java Icon. Under Temporary Internet Files, click the Delete Files button. There are three options in the window to clear the cache - Leave ALL 3 Checked Downloaded Applets Downloaded Applications Other Files Click OK on Delete Temporary Files Window Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. Click OK to leave the Java Control Panel. You should then Uninstall J2SE Runtime Environment Update 3 --------------------------------------------------------------------------------------------- Run a new HijackThis scan. Save the log file and post it here. --------------------------------------------------------------------------------------------- Create an uninstall list: Open HiJackThis Click on the configure button on the bottom right Click on the tab "Misc Tools" Click on the Box that says "Open Uninstall Manager" Click on the button "Save list" Copy and past the List from the notepad file into your post Please return with results from: Panda HJT Uninstall list How is your system behaving now, please? __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

04-17-2006, 04:12 PM	#6 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,151 OS: 2000 Pro; XP Pro; XP Home	Good job. Just a bit more work to do.... Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Delete the following if they exist: C:\WINDOWS\dh.ini C:\WINDOWS\drsmartload2.dat C:\PROGRAM FILES\webHancer C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. --------------------------------------------------------------------------------------------- Run this final online scan, as it may see what the other may not: Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan --------------------------------------------------- Run a new HijackThis scan. Save the log file and post it here. --------------------------------------------------------------------------------------------- __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

04-18-2006, 06:25 PM	#7 (permalink)
paul_kimber Registered User Join Date: Mar 2005 Posts: 23 OS: Windows XP	Hi there sorry for the delay. Here is my HJT Log Logfile of HijackThis v1.99.1 Scan saved at 01:16:32, on 19/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Paul\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1141144390795 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145223860087 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe And here is my Kaspersky report. ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, April 19, 2006 1:01:43 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 18/04/2006 Kaspersky Anti-Virus database records: 188771 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 36909 Number of viruses found: 2 Number of infected objects: 63 Number of suspicious objects: 0 Duration of the scan process: 01:16:22 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/adi3d2ag.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/adledit.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ccadmin.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cccdll.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cgcisco.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/cjrpol.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/CKCL150.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/dfound3d.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/dwnmodem.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/en4ul1h91.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/enlul1391.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/f4j20e1oeh.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/fp0s03d7e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/gtkrsrc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ibrdbg32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/iglogmsg.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/iHsads.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ihwphbk.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ii41_qc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ipuv_32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ir4ol5h31.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/ir6ql5j51.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/irpol5731.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/kmdgae.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/l0n4la5q1d.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lacwmi.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lbbeay32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lorhelp.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lvr8099ue.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/lvrs0997e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/m6lslg3716.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/m8rm0i91e8.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mlsystem.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mpasn1.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/mvmdd.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nblanui.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nflanui2.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nkshrui.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nlshrui.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nudll.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/nutmsg.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/okethk32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/oneacc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pIutoenr.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pltorsvc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/pqotowiz.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/q4860elsehq60.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/rqpcfgex.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sdxcoins.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sle.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/sspblb.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/udrfaxa.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/uzrdpa.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/vha.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wmnshfhc.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wnnfax.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip/dlls/wtw32.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip ZIP: infected - 57 skipped C:\Documents and Settings\Paul\My Documents\Anti Spyware Software\XoftSpy421_169.exe/data0013 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped C:\Documents and Settings\Paul\My Documents\Anti Spyware Software\XoftSpy421_169.exe NSIS: infected - 1 skipped C:\Program Files\PPLive TV\SynaLiveSetup.exe/stream/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped C:\Program Files\PPLive TV\SynaLiveSetup.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped C:\Program Files\PPLive TV\SynaLiveSetup.exe NSIS: infected - 2 skipped Scan process completed. Thanks once again

04-18-2006, 09:15 PM	#8 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,151 OS: 2000 Pro; XP Pro; XP Home	Well, now you've somehow gotten some new crapware that weren't on your system before. Where did you get Xoftspy? It seems as if it's infected. I'd recommend you remove it. There are better programs available for anti malware purposes. We have to take a step back and do a through cleaning again. I'll add some protection layers as well. Please refrain from internet use, except for cleaning, utill we have this resolved. Download LSPFix as we may need it later. Please update Ewido, and run a scan where I have it palced in this fix. You will need to update Ewido to the latest definition files. On the left hand side of the main screen click update. Then click on Start Update. The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update Ewido When you have finished updating, EXIT Ewido. Disconnect from the internet. --------------------------------------------------------------------------------------------- Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers. --------------------------------------------------------------------------------------------- Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist: NewDotNet or New.Net Domains SaveUninst.exe. WhenU Xoftspy --------------------------------------------------------------------------------------------- Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any): O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe" While running Hijackthis, verify if these entries still exist: O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net If they exist, we would be required to run LSPFix.exe Instructions for using LSPFix Double click on LSPFix.exe to run it. Once running, you will be required to tick the disclaimer - "I know what I'm doing". You'll find a windows with 2 panes. In the left pane which is labeled 'Keep', select all instances of: NEWDOTNET or newdotnet7_22.dll Then click on the arrow pointing to the right, >>. This will move the entry to the right pane labeled 'Remove' Click the Finish button to complete the fix. Only entries similar to NEWDOTNET need to be removed. If you see any other entries in the right pane, move them back to the "Keep" pane & post the filenames to inform me. --------------------------------------------------------------------------------------------- Go to My Computer->Tools->Folder Options->View tab: * Under the Hidden files and folders heading, select Show hidden files and folders. * Uncheck the Hide protected operating system files (recommended) option. * Also make sure there is no checkmark beside Hide file extensions for known file types * Click Yes to confirm and then click OK. Delete the following if they exist: C:\Program Files\NewDotNet C:\Program Files\Save C:\Documents and Settings\Paul\Desktop\l2mfix\backup.zip C:\Documents and Settings\Paul\My Documents\Anti Spyware Software\XoftSpy421_169.exe Run the ATF Cleaner again. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. Run Ewido with it's updated definitions:(...it's important that all windows must be closed) Click Scanner Click Complete System Scan to begin scanning. Click OK when prompted to clean files With the first file it prompts to clean, select the option: "Perform action on all infections" Choose clean and click OK. Once finished, click the Save report button & save the report to your desktop Ewido scan would require at least an hour. --------------------------------------------------------------------------------------------- Restart in normal mode. --------------------------------------------------------------------------------------------- Establish an internet connection --------------------------------------------------------------------------------------------- Download Ad-aware at http://www.lavasoftusa.com/ and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go to http://www.lavasoftusa.com/software/...2cleaner.shtml to download the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware at http://www.greyknight17.com/spyware.php#adaware for better scan results. Run the scan and fix everything that it finds. Perform an online scan with Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button). Follow the prompts to install the ActiveX controls It will say "Loading TrendMicro definitions". Click "Start Scan" After it's done scanning, click "Scan Results" Make sure all items found have a check next to them, then click "Clean Threats Now". Click Exit. Reboot your computer. I then need you to repeat the same procedure above again using the TrendMicro tool. --------------------------------------------------------------------------------------------- Run a new scan with Kaspersky, save the results and post them here. --------------------------------------------------------------------------------------------- Run a new HijackThis scan. Save the log file and post it here. --------------------------------------------------------------------------------------------- Download IE-SpyAD - Extract the contents to a new folder From within the folder, double-click install.bat Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu. Select option #4 - Add the old porn sites domain The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Download Host.zip to your desktop. From your Desktop right-click (hosts.zip) and select: Extract All from the menu. Click Next, click Next, select the option: "Show Extracted files", click Finish This will open the newly created hosts folder on your Desktop. Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine. Download SpywareBlaster 3.5.1 Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items So, please return with logs from: Ewido Kaspersky HJT __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? ** Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009 Last edited by tetonbob; 04-18-2006 at 09:19 PM.