# Solved: Randomly opening pages! *muon.html



## havan (Apr 15, 2006)

*My system starts to open random pages, usually ending with moun.html.
There was nothing two days ago. Now the HijackThis report looks like the one below.

Can anyone help, please?

I read another thread and downloaded HijackThis, Hoster, L2mFix, Spy Sweeper...
But I'm not sure these will work for my system too. So I'm here asking...*

Logfile of HijackThis v1.99.1
Scan saved at 06:32:44, on 15.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\CATIA-KURULU\B16\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Tech\MagicBall\2.1\LWBWHEEL.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\Softwin\BitDefender9\bdoesrv.exe
D:\progra~1\softwin\bitdef~1\bdnagent.exe
D:\progra~1\softwin\bitdef~1\bdswitch.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSNBC\Alert\NEWSALRT.EXE
D:\Program Files\BitLord\BitLord.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Blue Security\bluefrog.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\OpenOffice.org 1.9.109\program\soffice.exe
D:\Program Files\OpenOffice.org 1.9.109\program\soffice.BIN
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Softwin\BitDefender9\vsserv.exe
d:\progra~1\softwin\bitdef~1\bdmcon.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 156.63.20.95:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Tech\MagicBall\2.1\LWBWHEEL.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE Apache USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] d:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "D:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "d:\progra~1\softwin\bitdef~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "d:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [News Alert] D:\Program Files\MSNBC\Alert\NEWSALRT.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Blue Frog] D:\Program Files\Blue Security\bluefrog.exe
O4 - HKCU\..\Run: [Brou] "D:\Program Files\eics\sabs.exe" -vt yazr
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 1.9.109.lnk = D:\Program Files\OpenOffice.org 1.9.109\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Nls - D:\WINDOWS\system32\t2r8lc9u1f.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - D:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\CATIA-KURULU\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


----------



## brendandonhu (Jul 8, 2002)

Run *HijackThis* and click *Open the Misc Tools section*
Click *Open Uninstall Manager*>>*Save list* and save the log to your Desktop
A list of programs will open in *Notepad*. Post the contents of the log here


----------



## havan (Apr 15, 2006)

Thanks for helping, here are the installed programs:

Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.7
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Ares 1.9.0
Audio Conversion Wizard 1.8
Audio Files GDS Indexer 1.0
AutoCAD 2005 - English
Autodesk DWF Viewer
BitDefender 9 Internet Security
BitLord 1.1
BK's Winamp Ext.
Blender (remove only)
Blue Frog
BSPlayer
BvTLiveTv
Canon PhotoRecord
Canon PIXMA iP1500
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Class Creator Bob Version 1.0.3
ColorNick v2 plugin for Messenger Plus!
CZ1 Simulation
Dassault Systemes Software B16
DivX
DivX Player
DSC108
DU Meter
Easy-WebPrint
EncVorbis 1.1
ewido anti-malware
FlashGet(JetCar)
GalleryPlayer Images
GD Winamp Control
gdRSS Beta 1.03
GoldWave v5.12
Google Desktop
Google Desktop MSN Plugin
Google Desktop Plugin - Calendar
Google Desktop Plugin - kCalendar
Google Desktop Plugin - Session Control
Google Desktop Plugin - Timer
Google Earth
Google Pack Screensaver
Google Toolbar for Internet Explorer
Google Updater
Hamachi 0.9.9.9
HDDlife plug-in for Google Desktop 1.1
HijackThis 1.99.1
Hopper (Messenger Plus! plug-in)
Hullspeed 
Hydrolink 
Hydromax Pro
J2SE Runtime Environment 5.0 Update 6
Macromedia Flash Player 8
Maxsurf Pro
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft Combat Flight Simulator 3.0
Microsoft Office XP Professional with FrontPage
Microsoft Windows Media Video 9 VCM
mRouterRunTime
MSN Messenger 7.5
Nero 7 Demo
News Alert
NVIDIA Drivers
OpenAL
OpenOffice.org 1.9.109
Pontifex II
PowerDVD
Prefit 
Profili 2
Proyacht
QuickTime
RealArcade
RealPlayer
Realtek AC'97 Audio
Seakeeper 
Siemens Data Suite SX1
SimulatorBob
SmartMovie Converter (for Symbian phones)
Span 
Spy Sweeper
Spybot - Search & Destroy 1.4
StuffPlug-NG (Messenger Plus! Plugins)
Tech MagicBall 2.1
Warblade v1.2E
Warblade v1.2X Demo
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Kodlayıcısı 9 Series
Windows Media Kodlayıcısı 9 Series
Windows Media Player (KB911564) için Güvenlik Güncelleştirmesi
Windows Media Player 10
Windows Media Player 10 (KB911565) için Güvenlik Güncelleştirmesi
Windows XP Düzeltme - KB873339
Windows XP Düzeltme - KB885250
Windows XP Düzeltme - KB885835
Windows XP Düzeltme - KB885836
Windows XP Düzeltme - KB885884
Windows XP Düzeltme - KB886185
Windows XP Düzeltme - KB887472
Windows XP Düzeltme - KB887742
Windows XP Düzeltme - KB888113
Windows XP Düzeltme - KB888302
Windows XP Düzeltme - KB890859
Windows XP Düzeltme - KB891781
Windows XP için Güncelleştirme (KB894391)
Windows XP için Güncelleştirme (KB898461)
Windows XP için Güncelleştirme (KB910437)
Windows XP için Güvenlik Güncelleştirmesi (KB890046)
Windows XP için Güvenlik Güncelleştirmesi (KB893066)
Windows XP için Güvenlik Güncelleştirmesi (KB893756)
Windows XP için Güvenlik Güncelleştirmesi (KB896358)
Windows XP için Güvenlik Güncelleştirmesi (KB896422)
Windows XP için Güvenlik Güncelleştirmesi (KB896423)
Windows XP için Güvenlik Güncelleştirmesi (KB896424)
Windows XP için Güvenlik Güncelleştirmesi (KB896428)
Windows XP için Güvenlik Güncelleştirmesi (KB899587)
Windows XP için Güvenlik Güncelleştirmesi (KB899589)
Windows XP için Güvenlik Güncelleştirmesi (KB899591)
Windows XP için Güvenlik Güncelleştirmesi (KB900725)
Windows XP için Güvenlik Güncelleştirmesi (KB901017)
Windows XP için Güvenlik Güncelleştirmesi (KB901214)
Windows XP için Güvenlik Güncelleştirmesi (KB902400)
Windows XP için Güvenlik Güncelleştirmesi (KB904706)
Windows XP için Güvenlik Güncelleştirmesi (KB905414)
Windows XP için Güvenlik Güncelleştirmesi (KB905749)
Windows XP için Güvenlik Güncelleştirmesi (KB905915)
Windows XP için Güvenlik Güncelleştirmesi (KB908519)
Windows XP için Güvenlik Güncelleştirmesi (KB911927)
Windows XP için Güvenlik Güncelleştirmesi (KB912919)
Windows XP için Güvenlik Güncelleştirmesi (KB913446)
WinRAR arşiv yöneticisi
Workshop Pro
Worms World Party


----------



## brendandonhu (Jul 8, 2002)

Go to *Start*>>*Control Panel*>>*Add or Remove Programs*
Uninstall any of the following programs that appear in the list:
ColorNick v2 plugin for Messenger Plus!
Hopper (Messenger Plus! plug-in)
Messenger Plus! 3
StuffPlug-NG (Messenger Plus! Plugins)

Run *HijackThis* and click *Do a system scan only*
Put a checkmark next to each of the following entries that appear:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Brou] "D:\Program Files\eics\sabs.exe" -vt yazr
O20 - Winlogon Notify: Nls - D:\WINDOWS\system32\t2r8lc9u1f.dll
Click *Fix Checked* and exit *HijackThis*

Download L2mfix from http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread. Wait for advice on what to do with this log.


----------



## havan (Apr 15, 2006)

I did what you said, but these two entries were not included in the HijackThis report. I mention it just in case:

O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart


Here is the L2mFix report:

L2MFIX find log 032106
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINDOWS\\system32\\t2r8lc9u1f.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{D74CBBCF-6A7D-FA2F-6D53-23330FA93B11}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="oklu Ortam Dosyas zellik Sayfas"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Tarayc Ynetimi"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Gvenlik Sayfas"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE DOCFIlE zellik Sayfas"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Paylam iin kabuk uzantlar"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Grnt Birimi CPL Uzants"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Grnt Paneli CPL Uzants"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Gvenlik Sayfas"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Uyumluluk Sayfas"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Kabuk Atk Veri leyicisi"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disket Kopyalama Uzants"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Microsoft Windows Network nesneleri iin kabuk uzantlar"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitr Ynetimi"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Yazc Ynetimi"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Dosya sktrma iin kabuk uzantlar"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Yazcs Kabuk Uzants"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="ifreleme erik Mens"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Evrak antas"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Yaz Tipleri"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profili"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Yazc Gvenlik Sayfas"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Paylam iin kabuk uzantlar"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="ifrelenmi PKO Uzants"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="ifrelenmi mza Uzants"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="A§ Ba§lantlar"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="A§ Ba§lantlar"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="&Tarayclar ve Kameralar"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="&Tarayclar ve Kameralar"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="&Tarayclar ve Kameralar"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="&Tarayclar ve Kameralar"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="&Tarayclar ve Kameralar"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Veri Ba§lants"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Zamanlanm Grevler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Grev ubu§u ve Balat Mens"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Ara"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Yardm ve Destek"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Yardm ve Destek"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="altr..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-posta"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Ynetimsel Aralar"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="nceki Srmler zellik sayfas"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="nceki Srmler"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Ara ubu§u"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Ykleme Durumu"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Geniletilmi Kabuk Klasr"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Geniletilmi Kabuk Klasr 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Arama Bant"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="Blme ii arama"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Aramas"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Kayt Defteri A§a Seenekleri Hizmet Program"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adres"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Adres EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft Otomatik Tamamla"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU Otomatik Tamamlama Listesi"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="zel MRU Otomatik Tamamlanan Liste"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Eriilebilir"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="zleme Alr ubu§u"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft Gemi Otomatik Tamamlama Listesi"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Kabuk Klasr Otomatik Tamamlama Listesi"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Birden ok Otomatik Tamamlama Listesi Kab"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Kabuk Bant Sitesi Mens"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Kabuk DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="Kullanc Yardm"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Genel Klasr Ayarlar"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url Gemi Servisi"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Gemi"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Arama Kancas"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Giri Ekran"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Gezgin Bant"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX nbellek Klasr"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Abonelik Klasr"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Kabuk Uygulamas Yneticisi"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Ykl Uygulama Numaralycs"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ dosya kk resmi ayklaycs"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Kk Resim tutamac (DOCFILES) zet Bilgisi"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Kk Resim Ayklaycs"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web'de Yaymlama Sihirbaz"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Web zerinden Bask Siparii"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Kabuk Yaymlama Sihirbaz"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport Alma Sihirbaz"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Kullanc Hesaplar"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Kanal Dosyas"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Kanal Ksayolu"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Kanal leyici Nesnesi"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="evrimd Dosyalar Klasr"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Kiiler..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{A70C977A-BF00-412C-90B7-034C51DA2439}"="NvCpl DesktopContext Class"
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}"="Play on my TV helper"
"{1CDB2949-8F65-4355-8456-263E7C208A5D}"="Desktop Explorer"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}"="Desktop Explorer Menu"
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}"="nView Desktop Context Menu"
"{ED65AC21-B24F-11d3-BA80-00C0CA16AA37}"="Siemens SX1"
"{ED65AC22-B24F-11d3-BA80-00C0CA16AA37}"="Siemens SX1 ContextMenuHandler"
"{ED65AC23-B24F-11d3-BA80-00C0CA16AA37}"="Siemens SX1 PropertySheetHandler"
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}"="OpenOffice.org Column Handler"
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}"="OpenOffice.org Infotip Handler"
"{63542C48-9552-494A-84F7-73AA6A7C99C1}"="OpenOffice.org Property Sheet Handler"
"{3B092F0C-7696-40E3-A80F-68D74DA84210}"="OpenOffice.org Thumbnail Viewer"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Klasrleri"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}"="AutoCAD Digital Signatures Icon Overlay Handler"
"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}"="Autodesk Drawing Preview"
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}"="Autodesk DWF Preview"
"{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}"="IZArc DragDrop Menu"
"{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}"="IZArc Shell Context Menu"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{22BBDE43-CD77-48D4-B404-B9ED19ED0B7D}"=""
"{BF915D5A-7CE9-458C-99D1-C198497C6F3D}"=""
"{5D83BF9D-2867-46B7-B711-FAA40F97B82F}"=""
"{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}"=""
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{22BBDE43-CD77-48D4-B404-B9ED19ED0B7D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{22BBDE43-CD77-48D4-B404-B9ED19ED0B7D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{22BBDE43-CD77-48D4-B404-B9ED19ED0B7D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{22BBDE43-CD77-48D4-B404-B9ED19ED0B7D}\InprocServer32]
@="D:\\WINDOWS\\system32\\picrt.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{BF915D5A-7CE9-458C-99D1-C198497C6F3D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BF915D5A-7CE9-458C-99D1-C198497C6F3D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BF915D5A-7CE9-458C-99D1-C198497C6F3D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{BF915D5A-7CE9-458C-99D1-C198497C6F3D}\InprocServer32]
@="D:\\WINDOWS\\system32\\vymredir.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5D83BF9D-2867-46B7-B711-FAA40F97B82F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D83BF9D-2867-46B7-B711-FAA40F97B82F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D83BF9D-2867-46B7-B711-FAA40F97B82F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5D83BF9D-2867-46B7-B711-FAA40F97B82F}\InprocServer32]
@="D:\\WINDOWS\\system32\\cfm.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}\InprocServer32]
@="D:\\WINDOWS\\system32\\mostdfmt.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

D:\WINDOWS\SYSTEM32\
divx.dll Thu 26 Jan 2006 21:36:02 A.... 574.976 561,50 K
divxwm~1.dll Tue 24 Jan 2006 21:08:30 A.... 12.288 12,00 K
divx_x~1.dll Thu 26 Jan 2006 21:36:00 A.... 679.936 664,00 K
divx_x~2.dll Thu 26 Jan 2006 21:36:00 A.... 679.936 664,00 K
divx_x~3.dll Thu 26 Jan 2006 21:36:00 A.... 663.552 648,00 K
g4402e~1.dll Sat 15 Apr 2006 5:49:04 ..S.R 236.238 230,70 K
haspvdd.dll Wed 29 Mar 2006 15:40:12 A.... 6.656 6,50 K
k2080c~1.dll Sat 15 Apr 2006 7:01:52 ..S.R 234.996 229,49 K
mostdfmt.dll Sat 15 Apr 2006 7:01:52 ..S.R 234.194 228,70 K
openal32.dll Tue 4 Apr 2006 17:59:42 A.... 86.016 84,00 K
pncrt.dll Tue 28 Feb 2006 4:09:06 A.... 278.528 272,00 K
pndx5016.dll Tue 28 Feb 2006 4:09:08 A.... 6.656 6,50 K
pndx5032.dll Tue 28 Feb 2006 4:09:08 A.... 5.632 5,50 K
rmoc3260.dll Tue 28 Feb 2006 4:09:26 A.... 176.167 172,04 K
rssimpl.dll Fri 3 Mar 2006 4:26:26 A.... 241.664 236,00 K
sirenacm.dll Tue 24 Jan 2006 20:34:24 A.... 118.784 116,00 K
sockspy.dll Fri 14 Apr 2006 16:25:16 A.... 73.728 72,00 K
t2r8lc~1.dll Sat 15 Apr 2006 5:05:16 ..S.R 234.194 228,70 K
wrap_oal.dll Tue 4 Apr 2006 17:59:42 A.... 409.600 400,00 K
wrlogo~1.dll Wed 25 Jan 2006 11:06:02 A.... 492.544 481,00 K
wrlzma.dll Wed 25 Jan 2006 11:05:58 A.... 17.920 17,50 K
xcomm.dll Fri 14 Apr 2006 16:11:50 A.... 77.824 76,00 K

22 items found: 22 files (4 H/S), 0 directories.
Total of file sizes: 5.542.029 bytes 5,29 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
D srcs birimi: WinXP
Birim Seri Numaras: A85E-8B16

D:\WINDOWS\System32 dizini

15.04.2006 07:01 234.194 mostdfmt.dll
15.04.2006 07:01 234.996 k2080cduef080.dll
15.04.2006 05:49 236.238 g4402ehmgh4a2.dll
15.04.2006 05:05 235.812 cfm.dll.viruslu
15.04.2006 05:05 234.194 t2r8lc9u1f.dll
08.03.2006 08:17 dllcache
26.10.2005 21:06 Microsoft
5 Dosya 1.175.434 bayt
2 Dizin 4.397.985.792 bayt bo


----------



## brendandonhu (Jul 8, 2002)

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.


----------



## havan (Apr 15, 2006)

I did as you said, but after the reboot no icons disappeared and nothing opened in Notepad. I opened the l2mfix folder and opened log.txt, which follows below. I don't think that l2mfix does any scanning after the reboot. On my system, there is Spy Sweeper and Bitdefender. Should I uninstall them before doing the l2mfix fix? Anyway, here's the result of HijackThis and log.txt from the l2mfix folder:

Logfile of HijackThis v1.99.1
Scan saved at 07:58:33, on 15.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\CATIA-KURULU\B16\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Softwin\BitDefender9\vsserv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Tech\MagicBall\2.1\LWBWHEEL.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
D:\Program Files\Softwin\BitDefender9\bdoesrv.exe
D:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe
D:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSNBC\Alert\NEWSALRT.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Blue Security\bluefrog.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\OpenOffice.org 1.9.109\program\soffice.exe
D:\Program Files\OpenOffice.org 1.9.109\program\soffice.BIN
D:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 156.63.20.95:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Tech\MagicBall\2.1\LWBWHEEL.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE Apache USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] d:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "D:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "D:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "D:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [News Alert] D:\Program Files\MSNBC\Alert\NEWSALRT.EXE
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Blue Frog] D:\Program Files\Blue Security\bluefrog.exe
O4 - Startup: OpenOffice.org 1.9.109.lnk = D:\Program Files\OpenOffice.org 1.9.109\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: sockspy.dll D:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: Hints - D:\WINDOWS\system32\t2r8lc9u1f.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - D:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\CATIA-KURULU\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

*-------------------------------------------------------------------------------*

L2mfix 032106
Creating Account.
Komut baaryla tamamland.

Adding Administrative privleges. 
Checking for L2MFix account(0=no 1=yes): 
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
D:\WINDOWS\system32

Killing Processes! 
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administrators ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Telephony]
"Asynchronous"=dword:00000000
"DllName"="D:\\WINDOWS\\system32\\t2r8lc9u1f.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

The following are the files found: 
****************************************************************************

Registry Entries that were Deleted: 
Please verify that the listing looks ok. 
If there was something deleted wrongly there are backups in the backreg folder. 
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}\InprocServer32]
@="D:\\WINDOWS\\system32\\mostdfmt.dll"
"ThreadingModel"="Apartment"

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents: 
****************************************************************************
****************************************************************************
Checking for L2MFix account(0=no 1=yes): 
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/22BBDE43-CD77-48D4-B404-B9ED19ED0B7D.reg (212 bytes security) (deflated 70%)
adding: backregs/5D83BF9D-2867-46B7-B711-FAA40F97B82F.reg (212 bytes security) (deflated 70%)
adding: backregs/B05BB21D-0A88-4EDE-9EA2-6F6F140DAC2A.reg (212 bytes security) (deflated 70%)
adding: backregs/BF915D5A-7CE9-458C-99D1-C198497C6F3D.reg (212 bytes security) (deflated 70%)
adding: backregs/notibac.reg (164 bytes security) (deflated 87%)
adding: backregs/shell.reg (164 bytes security) (deflated 72%)


----------



## brendandonhu (Jul 8, 2002)

Please download Look2Me-Destroyer.exe to your desktop.

* Close all windows before continuing.
* Double-click Look2Me-Destroyer.exe to run it.
* Put a check next to Run this program as a task.
* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
* When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
* Once it's done scanning, click the Remove L2M button.
* You will receive a Done Scanning message, click OK.
* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
* Your computer will then shut down.
* Turn your computer back on.
* Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


----------



## havan (Apr 15, 2006)

OK, here are the Look2Me-Destroyer and new HiJackThis logs:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 15.04.2006 08:19:16

Infected! D:\WINDOWS\system32\t2r8lc9u1f.dll

Attempting to delete infected files...

Attempting to delete: D:\WINDOWS\system32\t2r8lc9u1f.dll
D:\WINDOWS\system32\t2r8lc9u1f.dll could not be deleted!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Hints

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{49C9C9C1-1250-47A9-B8FE-6A1E2633C616}"
HKCR\Clsid\{49C9C9C1-1250-47A9-B8FE-6A1E2633C616}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

_____________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 08:26:46, on 15.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\CATIA-KURULU\B16\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Tech\MagicBall\2.1\LWBWHEEL.exe
D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\Softwin\BitDefender9\vsserv.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
D:\Program Files\Softwin\BitDefender9\bdoesrv.exe
D:\progra~1\softwin\bitdef~1\bdnagent.exe
D:\progra~1\softwin\bitdef~1\bdswitch.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSNBC\Alert\NEWSALRT.EXE
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Blue Security\bluefrog.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Program Files\OpenOffice.org 1.9.109\program\soffice.exe
D:\Program Files\OpenOffice.org 1.9.109\program\soffice.BIN
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 156.63.20.95:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Tech\MagicBall\2.1\LWBWHEEL.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE Apache USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDMCon] d:\PROGRA~1\softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDOESRV] "D:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "D:\PROGRA~1\softwin\BITDEF~1\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "D:\PROGRA~1\softwin\BITDEF~1\bdswitch.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [News Alert] D:\Program Files\MSNBC\Alert\NEWSALRT.EXE
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Blue Frog] D:\Program Files\Blue Security\bluefrog.exe
O4 - Startup: OpenOffice.org 1.9.109.lnk = D:\Program Files\OpenOffice.org 1.9.109\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - D:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\CATIA-KURULU\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - D:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


----------



## brendandonhu (Jul 8, 2002)

Save *KillBox* to your *Desktop*

Run *KillBox* and select *Delete on Reboot*
Copy this list of file and folder locations to your clipboard:

D:\WINDOWS\system32\t2r8lc9u1f.dll

Go to *File*>>*Paste from clipboard*. Click *All Files*
Press the button with a red circle with an X in it, then *Yes* when prompted to restart your computer
*WARNING:* Your computer will be restarted. Any unsaved work in open applications will be lost.

Go to *Kaspersky Online Scanner* and click *Accept*
When the updates are finished downloading, click *Next*>>*Scan Settings*
Under *Scan using the following antivirus database:*, select *extended*
Make sure the *Scan Archives* and *Scan Mail Bases* options are selected as well. Click *OK*
Click *My Computer* and wait for the scan to finish
Click *Save Report As*. Under *Save as type:*, select *Text file*. Save this log to your *Desktop* and post a copy of it here


----------



## havan (Apr 15, 2006)

The *KillBox* thingy did not work for me. It gave an error message after the restart countdown. Then I uninstalled *BitDefender* and *Spy Sweeper*. After that I *reran* *Look2Me-Destroyer*, and after the reboot this is the result:

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 15.04.2006 08:45:02

Infected! D:\Program Files\Softwin\BitDefender9\Quarantine\vymredir.dll
Infected! D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP111\A0040824.dll
Infected! D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\A0040832.dll
Infected! D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041204.dll
Infected! D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041213.dll
Infected! D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043216.dll
Infected! D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043233.dll
Infected! D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043329.dll
Infected! D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043345.dll
Infected! D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0044531.dll
Infected! D:\WINDOWS\system32\ir0ml5d11.dll
Infected! D:\WINDOWS\system32\kvdsw.dll
Infected! D:\WINDOWS\system32\lvj0091me.dll

Attempting to delete infected files...

Attempting to delete: D:\Program Files\Softwin\BitDefender9\Quarantine\vymredir.dll
D:\Program Files\Softwin\BitDefender9\Quarantine\vymredir.dll Deleted successfully!

Attempting to delete: D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP111\A0040824.dll
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP111\A0040824.dll Deleted successfully!

Attempting to delete: D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\A0040832.dll
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\A0040832.dll Deleted successfully!

Attempting to delete: D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041204.dll
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041204.dll Deleted successfully!

Attempting to delete: D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041213.dll
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041213.dll Deleted successfully!

Attempting to delete: D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043216.dll
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043216.dll Deleted successfully!

Attempting to delete: D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043233.dll
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043233.dll Deleted successfully!

Attempting to delete: D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043329.dll
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043329.dll Deleted successfully!

Attempting to delete: D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043345.dll
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0043345.dll Deleted successfully!

Attempting to delete: D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0044531.dll
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0044531.dll Deleted successfully!

Attempting to delete: D:\WINDOWS\system32\ir0ml5d11.dll
D:\WINDOWS\system32\ir0ml5d11.dll Deleted successfully!

Attempting to delete: D:\WINDOWS\system32\kvdsw.dll
D:\WINDOWS\system32\kvdsw.dll Deleted successfully!

Attempting to delete: D:\WINDOWS\system32\lvj0091me.dll
D:\WINDOWS\system32\lvj0091me.dll Deleted successfully!

Making registry repairs.

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

*And here is the HijackThis log:*

Logfile of HijackThis v1.99.1
Scan saved at 08:55:51, on 15.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
C:\CATIA-KURULU\B16\intel_a\code\bin\CATSysDemon.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Tech\MagicBall\2.1\LWBWHEEL.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSNBC\Alert\NEWSALRT.EXE
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Blue Security\bluefrog.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\OpenOffice.org 1.9.109\program\soffice.exe
D:\Program Files\OpenOffice.org 1.9.109\program\soffice.BIN
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 156.63.20.95:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Tech\MagicBall\2.1\LWBWHEEL.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE Apache USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [News Alert] D:\Program Files\MSNBC\Alert\NEWSALRT.EXE
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Blue Frog] D:\Program Files\Blue Security\bluefrog.exe
O4 - Startup: OpenOffice.org 1.9.109.lnk = D:\Program Files\OpenOffice.org 1.9.109\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - D:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\CATIA-KURULU\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

*Should I do KillBox now? Or just Kaspersky virus scanning? Thanks for all...*


----------



## brendandonhu (Jul 8, 2002)

Just run Kaspersky and post the results.


----------



## havan (Apr 15, 2006)

Here is the Kaspersky report;

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, April 15, 2006 3:04:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 15/04/2006
Kaspersky Anti-Virus database records: 188172
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 219697
Number of viruses found: 19
Number of infected objects: 92
Number of suspicious objects: 0
Duration of the scan process: 03:14:16

Infected Object Name / Virus Name / Last Action
C:\ARŞİV\Bitdefender\BitDefender Professional Plus 9.09 + key gen\BitDefender Professional Plus 9.09 +key gen\bitdefender_isecurity_v9.exe/bdis.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365/regspy.sys	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
C:\ARŞİV\Bitdefender\BitDefender Professional Plus 9.09 + key gen\BitDefender Professional Plus 9.09 +key gen\bitdefender_isecurity_v9.exe/bdis.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
C:\ARŞİV\Bitdefender\BitDefender Professional Plus 9.09 + key gen\BitDefender Professional Plus 9.09 +key gen\bitdefender_isecurity_v9.exe/bdis.msi	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
C:\ARŞİV\Bitdefender\BitDefender Professional Plus 9.09 + key gen\BitDefender Professional Plus 9.09 +key gen\bitdefender_isecurity_v9.exe	CAB: infected - 3	skipped
C:\ARŞİV\Bitdefender\BitDefender Professional Plus 9.09 + key gen\BitDefender Professional Plus 9.09 +key gen.rar/bitdefender_isecurity_v9.exe/bdis.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365/regspy.sys	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
C:\ARŞİV\Bitdefender\BitDefender Professional Plus 9.09 + key gen\BitDefender Professional Plus 9.09 +key gen.rar/bitdefender_isecurity_v9.exe/bdis.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
C:\ARŞİV\Bitdefender\BitDefender Professional Plus 9.09 + key gen\BitDefender Professional Plus 9.09 +key gen.rar/bitdefender_isecurity_v9.exe/bdis.msi	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
C:\ARŞİV\Bitdefender\BitDefender Professional Plus 9.09 + key gen\BitDefender Professional Plus 9.09 +key gen.rar/bitdefender_isecurity_v9.exe	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
C:\ARŞİV\Bitdefender\BitDefender Professional Plus 9.09 + key gen\BitDefender Professional Plus 9.09 +key gen.rar	RAR: infected - 4	skipped
C:\ARŞİV\SYMBIAN\Series 60\Restart.SIS/!:\System\Apps\Restart\Restart.APP	Infected: Trojan.SymbOS.Skuller.gen	skipped
C:\ARŞİV\SYMBIAN\Series 60\Restart.SIS	SIS: infected - 1	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041156.exe	Infected: Trojan-Downloader.Win32.Adload.an	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041157.exe	Infected: Trojan-Downloader.Win32.Small.buy	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041158.exe/data0002	Infected: Trojan-Clicker.Win32.Small.jf	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041158.exe	NSIS: infected - 1	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041159.exe/data0002/data0006	Infected: Trojan-Dropper.Win32.VB.kk	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041159.exe/data0002	Infected: Trojan-Dropper.Win32.VB.kk	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041159.exe	NSIS: infected - 2	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041173.exe	Infected: Trojan-Downloader.Win32.Adload.ae	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041175.exe	Infected: Trojan-Downloader.Win32.VB.aad	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041203.exe	Infected: Trojan-Clicker.Win32.VB.mo	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041209.exe	Infected: not-a-virus:AdWare.Win32.Look2Me.ab	skipped
C:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041562.exe	Infected: Backdoor.Win32.VB.ary	skipped
C:\thief\OYUN\WinBejSetup-dm.exe	Infected: not-a-virus:AdWare.Win32.Trymedia.a	skipped
D:\Documents and Settings\thief®\Local Settings\Temporary Internet Files\Content.IE5\OHMNW5ER\Installer[1].exe	Infected: not-a-virus:AdWare.Win32.Look2Me.ab	skipped
D:\Documents and Settings\thief®\Local Settings\Temporary Internet Files\Content.IE5\WXMBWPEJ\keyboard11[1].exe	Infected: Backdoor.Win32.VB.ary	skipped
D:\Documents and Settings\thief®\Local Settings\Temporary Internet Files\Content.IE5\WXMBWPEJ\mousepad11[1].exe	Infected: Trojan-Clicker.Win32.VB.mo	skipped
D:\RECYCLER\S-1-5-21-854245398-1844237615-725345543-1003\Dd128.fr414B	Infected: not-a-virus:Monitor.Win32.NetMon.a	skipped
D:\RECYCLER\S-1-5-21-854245398-1844237615-725345543-1003\Dd129.fr3730	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\RECYCLER\S-1-5-21-854245398-1844237615-725345543-1003\Dd130.fr4846	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\A0040828.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365/regspy.sys	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\A0040828.msi/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\A0040828.msi	Embedded: infected - 2	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\A0040833.exe	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\A0040834.exe	Infected: not-a-virus:Monitor.Win32.NetMon.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\A0040835.dll	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-10.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-11.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-12.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-13.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-14.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-15.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-16.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-17.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-18.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-19.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-2.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-20.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-21.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-22.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-23.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-24.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-25.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-26.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-27.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-28.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-29.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-3.DAT	Infected: not-a-virus:Monitor.Win32.NetMon.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-30.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-31.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-32.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-33.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-34.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-35.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-36.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-37.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-38.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-39.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-4.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-40.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-6.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-7.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP112\snapshot\MFEX-9.DAT	Infected: not-a-virus:AdWare.Win32.CommAd.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041074.sys	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041129.sys	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041160.exe	Infected: VirTool.Win32.Patcher.a	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041161.exe	Infected: Trojan-Dropper.Win32.VB.kk	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041162.exe	Infected: Trojan-Dropper.Win32.Small.ux	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041163.dll	Infected: Trojan-Clicker.Win32.Small.jf	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP113\A0041165.exe	Infected: Trojan-Downloader.Win32.PurityScan.au	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP114\A0044680.rbf/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365/regspy.sys	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP114\A0044680.rbf/bdprof.cab.AE3C3951_7A91_4185_B6E7_BA9F78BFE365	Infected: not-a-virus:Monitor.Win32.PCAcme.61	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP114\A0044680.rbf	Embedded: infected - 2	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP114\A0044865.dll	Infected: not-a-virus:AdWare.Win32.Look2Me.ab	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP114\A0044866.dll	Infected: not-a-virus:AdWare.Win32.Look2Me.ab	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP114\A0044867.dll	Infected: not-a-virus:AdWare.Win32.Look2Me.ab	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP114\A0044868.dll	Infected: not-a-virus:AdWare.Win32.Look2Me.ab	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP87\A0034557.exe	Infected: Trojan-Downloader.Win32.Small.ckj	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP87\A0034558.exe/run.exe	Infected: Trojan-Downloader.Win32.Small.ckj	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP87\A0034558.exe	ZIP: infected - 1	skipped
D:\System Volume Information\_restore{A809CF0D-8E85-421E-96EF-24AE534DB485}\RP92\A0036974.exe	Infected: not-a-virus:Porn-Dialer.Win32.PluginAccess.gen	skipped
D:\WINDOWS\system32\cfm.dll.viruslu	Infected: not-a-virus:AdWare.Win32.Look2Me.ab	skipped

Scan process completed.


----------



## brendandonhu (Jul 8, 2002)

Install *CleanUp!*

Go to *Start*>>*Run*. Type *msconfig* and press *Enter*
Click *Launch System Restore* then click *System Restore Settings*
Put a checkmark next to *Turn off system restore on all drives* and click *Apply*>>*OK*
Close *System Restore* utility and the *System Configuration Utility*

Run *CleanUp!* and go to *Options*>>*Custom CleanUp!*
Put a checkmark next to each of the following items:
*Empty Recycle Bins*
*Delete Cookies*
*Delete Prefetch files*
*Cleanup! All Users*

Click *OK*>>*CleanUp!*
Exit *CleanUp!*

Run *KillBox* and select *Delete on Reboot*
Copy this list of file and folder locations to your clipboard:

C:\ARŞİV\Bitdefender\BitDefender Professional Plus 9.09 + key gen\
C:\ARŞİV\SYMBIAN\Series 60\Restart.SIS
D:\WINDOWS\system32\cfm.dll

Go to *File*>>*Paste from clipboard*. Click *All Files*
Press the button with a red circle with an X in it, then *Yes* when prompted to restart your computer
*WARNING:* Your computer will be restarted. Any unsaved work in open applications will be lost.
Go to *Start*>>*Run*. Type *msconfig* and press *Enter*
Click *Launch System Restore* then click *System Restore Settings*
Uncheck *Turn off system restore on all drives* and click *Apply*>>*OK*
Close *System Restore* utility and the *System Configuration Utility*

Let me know if you're still having problems after that.


----------
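
The steps above treat two kinds of detection differently: copies under `System Volume Information\_restore{...}`, which are deleted when System Restore is turned off, and live files, which go to KillBox. As an added example (not part of the original posts), this Python script does that triage over a scan log in the tab-separated layout shown earlier; the sample rows, GUID and detection names are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample rows (path, verdict, action); not taken from the thread.
_RP = r"D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP10"
ROWS = [
    (_RP + r"\A0000001.exe", "Infected: Trojan-Dropper.Win32.Example.a", "skipped"),
    (_RP + r"\A0000002.rbf/inner.cab/drv.sys", "Infected: not-a-virus:Monitor.Win32.Example.b", "skipped"),
    (_RP + r"\A0000002.rbf", "Embedded: infected - 1", "skipped"),
    (r"D:\WINDOWS\system32\example.dll", "Infected: not-a-virus:AdWare.Win32.Example.c", "skipped"),
]
SAMPLE = "\n".join("\t".join(r) for r in ROWS) + "\n\nScan process completed.\n"

# Matches the System Restore store and captures the restore point (RPnn).
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]+\}\\(RP\d+)\\", re.I)

def triage(log_text):
    """Split detections into restore-point copies and live files."""
    restore = defaultdict(set)  # restore point -> infected container files
    live = {}                   # live file path -> detection name
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3:
            continue  # blank lines, "Scan process completed.", headers
        path, verdict, _action = parts
        if not verdict.startswith("Infected: "):
            continue  # container summaries such as "ZIP: infected - 1"
        name = verdict[len("Infected: "):]
        # Archive members are reported as outer\file/inner/member;
        # the file on disk is the part before the first "/".
        outer = path.split("/", 1)[0]
        match = RESTORE.search(outer)
        if match:
            restore[match.group(1)].add(outer)
        else:
            live[outer] = name
    return dict(restore), live

if __name__ == "__main__":
    restore, live = triage(SAMPLE)
    for rp, files in sorted(restore.items()):
        print(f"{rp}: {len(files)} infected file(s), purged with the restore point")
    for path, name in live.items():
        print(f"LIVE: {path} -> {name}")
```
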



## havan (Apr 15, 2006)

Here is the HijackThis log, do you think there is a problem? There are no popups now. :up:

Logfile of HijackThis v1.99.1
Scan saved at 22:53:56, on 15.04.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\CATIA-KURULU\B16\intel_a\code\bin\CATSysDemon.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Tech\MagicBall\2.1\LWBWHEEL.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\MSNBC\Alert\NEWSALRT.EXE
D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
D:\Program Files\Blue Security\bluefrog.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
D:\Program Files\OpenOffice.org 1.9.109\program\soffice.exe
D:\Program Files\OpenOffice.org 1.9.109\program\soffice.BIN
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 156.63.20.95:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] D:\Program Files\Tech\MagicBall\2.1\LWBWHEEL.exe
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [mRouterConfig for Siemens Data Suite SX1] D:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterConfig.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Easy-PrintToolBox] D:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE Apache USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "D:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "D:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [kav] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [News Alert] D:\Program Files\MSNBC\Alert\NEWSALRT.EXE
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Blue Frog] D:\Program Files\Blue Security\bluefrog.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: OpenOffice.org 1.9.109.lnk = D:\Program Files\OpenOffice.org 1.9.109\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: D:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WRNotifier - D:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - D:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\CATIA-KURULU\B16\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


----------



## brendandonhu (Jul 8, 2002)

Looks better, you can mark this thread Solved under Thread Tools :up:


----------



## xpedxfitz (Jun 10, 2006)

I have run Spybot, Norton, and Ad-Aware and still can't get rid of these pop-ups with moun.html. Can someone walk me through getting rid of them once and for all? I see someone else had the same problem. Any help is appreciated.


----------

