Random annoying pop-ups...

  1. #11
    HJThis is offline Senior Member

    Re: Random annoying pop-ups...

    Hi, SmashMan

    Oops, sorry, did not see you're on ME; it will not work,
    so do this here please

    Download the L2MFix from
    http://www.downloads.subratam.org/l2mfix.exe
    or
    http://www.atribune.org/downloads/l2mfix.exe

    Save the file to your desktop and double click l2mfix.exe.

    Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop.

    Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

    Copy the contents of that log and paste it into this thread.

    IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until I ask you to.

    HGD

  2. #12
    SmashMan is offline Newbie
    Tried l2mfix also ...
    getting the same error:
    "Syntax Error
    Cannot execute C:\WINDOWS\COMMAND\START.EXE"

    It runs fine on my sister's Windows XP machine ..
    Maybe all these programs are just for XP and above.
    Last edited by SmashMan; 30-07-2005 at 01:06 AM.

  3. #13
    HJThis is offline Senior Member
    Hi, SmashMan

    One more thing: this item here, you don't need to be running this junk,
    so if you want to remove it just go to Control Panel Add/Remove Programs
    & Uninstall/Remove
    KaZaA Lite

    OK, let's try this the hard way

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    Once in Safe Mode, let's do a file search for these items; if found, delete them

    C:\WINDOWS\SYSTEM\IYMP.DLL
    C:\WINDOWS\SYSTEM\PoMas.dll
    C:\WINDOWS\SYSTEM\tstu\!update-2234.0000
    C:\WINDOWS\SYSTEM\utdt.exe
    C:\WINDOWS\SYSTEM\in10b6.dll
    C:\WINDOWS\SYSTEM\EVPTAPI.dll
    C:\WINDOWS\INF\BI4.INF
    C:\WINDOWS\INF\BIK.INF
    C:\WINDOWS\ru.exe
    C:\WINDOWS\m190309.exe
    C:\WINDOWS\Downloaded Program Files\installer_VENDARE.exe
    C:\WINDOWS\Downloaded Program Files\On01.inf

    & get this here out of the way

    Clear your Temp folders.
    Clear out your Temporary internet files and other temp files.
    Go to Start > Settings > Control Panel >Internet Options.
    Under the General tab click the Delete temporary internet files,
    delete all Offline content as well. Clear out Cookies.

    Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

    Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)

    C:\Documents and Settings\username\Local Settings\Temp\

    In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.

    Empty the Recycle Bin.

    Also do this here for me please

    To disable Windows Me System Restore

    1. Click Start > Settings > Control Panel.
    2. Double-click the System icon.
    Note: If the System icon is not visible, click "View all Control Panel options" to display it.

    3. On the Performance tab click File System.
    4. Click the Troubleshooting tab, and then check Disable System Restore.
    5. Click OK. Click Yes to restart Windows.


    To enable Windows Me System Restore

    After you have restarted, turn System Restore back on

    1. Click Start > Settings > Control Panel.
    2. Double-click System.
    3. On the Performance tab click File System.
    4. On the Troubleshooting tab, uncheck Disable System Restore.
    5. Click OK. Click Yes, when you are prompted to restart Windows.

    NOTE: please make sure to do a new System Restore Point after the restart.

    Then let me know if this was any help at all.

    HGD
    Last edited by HJThis; 30-07-2005 at 01:52 AM.

  4. #14
    SmashMan is offline Newbie
    All of the files you listed were deleted except for PoMas.dll. I just set Hijack This to delete it on a reboot. It did, and I'm glad to say that these pop-ups are completely gone. Haven't had a single one in the past day. Thanks for all the help, it's greatly appreciated.

  5. #15
    HJThis is offline Senior Member
    Hi,SmashMan

    That is great news for sure & thanks for having
    us here at D-A-L help you with this problem

    HGD

  6. #16
    SmashMan is offline Newbie
    Sad to say this problem has returned yet again. McAfee scan so far has found the Trojan VeryLince ... very slow running scan.

    Spybot & Ad-Aware and various other scans only come up with tracking cookies

    I tried going into Windows\System and deleting UTDT but it did not seem to be there.. even though Hidden files are set to be shown.


    Here is the latest Hijack This scan ....

    Logfile of HijackThis v1.99.1
    Scan saved at 12:43:03 AM, on 8/2/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\SOINTGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\UTDT.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\2WIRE\GATEWAY\2PORTALMON.EXE
    C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\AIM95\AIM.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [2wSysTray] C:\PROGRAM FILES\2WIRE\GATEWAY\2PORTALMON.EXE
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McAgent.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
    O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -cnetwait.odl
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O12 - Plugin for .MTD: C:\PROGRA~1\INTERN~1\Plugins\npmusicn.dll
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: http://www.expedia.com
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnview95.cab
    O16 - DPF: {B06ECF02-E502-4737-BA32-91CA0CECFBD1} (MultiDownload Control) - http://www.samsungasc.com/include/cab/MultiDownload.cab
    O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports.com/downloads/ga...mmon/ieell.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...3/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...20/mcgdmgr.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets...LStreaming.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx

  7. #17
    HJThis is offline Senior Member
    Hey,SmashMan

    OK, could you please do a Panda Active Scan

    as you had done before; let's see what, if anything, it may find,
    then come back here with a scan logfile.

    I also want you to download this free firewall; we will
    be installing it after we are clean, not before; it will not help

    http://www.zonelabs.com/store/conten...eeDownload.jsp

    Again, download the firewall; do not install it just yet

    HGD

  8. #18
    SmashMan is offline Newbie
    I have a firewall through my SBC Yahoo DSL software, is that good enough?
    It seems that my Windows ME machine only gets hit with spyware. I have a Windows XP machine running on the same home network and it never has any spyware problems.

    Here is the Panda Active Scan result. ALL files have been deleted..either by changing file attributes in DOS and deleting or going into safe mode and deleting. The Panda Scan took about 4 hours to complete.


    (had to attach scan result as it was too many characters)

    One more question .. the display on my monitor is a little weird. Could this be because of all the spyware? (see attached jpg)

  9. #19
    HJThis is offline Senior Member
    Hey,SmashMan

    Make sure you can view hidden and system files: Instructions here

    Then Boot to safe mode: Instructions here

    OK, same as before: once in Safe Mode, do a file search for these; if found, delete them all.

    C:\WINDOWS\SYSTEM\DPVENUM.DLL
    C:\WINDOWS\SYSTEM\MGG4C32.DLL
    C:\WINDOWS\SYSTEM\UJDMXFRM.DLL
    C:\WINDOWS\SYSTEM\MWYUV.DLL
    C:\WINDOWS\SYSTEM\MOPRINT2.DLL
    C:\WINDOWS\SYSTEM\OXUI400.DLL
    C:\WINDOWS\SYSTEM\SHSCLASS.DLL
    C:\WINDOWS\SYSTEM\SZMSCRPT.DLL
    C:\WINDOWS\SYSTEM\CKM.DLL
    C:\WINDOWS\SYSTEM\WCVDMOD.DLL
    C:\WINDOWS\SYSTEM\MMAWT.DLL
    C:\WINDOWS\SYSTEM\MAPRINT2.DLL
    C:\WINDOWS\SYSTEM\dmdiagn.dll
    C:\WINDOWS\SYSTEM\DNLPRJ32.dll
    C:\WINDOWS\SYSTEM\utdt.exe
    C:\WINDOWS\SYSTEM32\Process.exe
    C:\WINDOWS\ru.exe
    C:\aheava.exe


    Now, as I had said before, this item here you should remove or you may
    end up doing this all over again. There are better progs to use.

    To remove the 2 items, go to Control Panel Add/Remove Programs & Uninstall/Remove them.

    C:\Program Files\KaZaA Lite\ <-- This folder. This prog is just something you don't need to run on the PC; as I had said, there are better, safer progs.

    C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe <-- This file

    I also want you to do this here.

    To disable Windows Me System Restore

    1. Click Start > Settings > Control Panel.
    2. Double-click the System icon.
    Note: If the System icon is not visible, click "View all Control Panel options" to display it.

    3. On the Performance tab click File System.
    4. Click the Troubleshooting tab, and then check Disable System Restore.
    5. Click OK. Click Yes to restart Windows.


    To enable Windows Me System Restore

    After you have restarted, turn System Restore back on

    1. Click Start > Settings > Control Panel.
    2. Double-click System.
    3. On the Performance tab click File System.
    4. On the Troubleshooting tab, uncheck Disable System Restore.
    5. Click OK. Click Yes, when you are prompted to restart Windows.

    NOTE: Please make a new Restore Point as soon as you reboot.

    & get this here out of the way

    and this prog here will help keep your PC clean.

    popular programs for doing this, is a freeware program Called Crap Cleaner. Crap Cleaner is a single utility that lets you clear your Cookies, Internet Explorer History, Empty the Recycle Bin, Uninstall Programs, Clear Usage Tracks and much more. As well as this, it has an Advanced Registry Scanner. Using a program like this is one of the easiest methods.

    make sure to use the option to clean out the Downloaded Programs Files folder.

    Once you are done with all of the above do this here right away.

    Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
        1. Change the Download signed ActiveX controls to Prompt
        2. Change the Download unsigned ActiveX controls to Disable
        3. Change the Initialize and script ActiveX controls not marked as safe to Disable
        4. Change the Installation of desktop items to Prompt
        5. Change the Launching programs and files in an IFRAME to Prompt
        6. Change the Navigate sub-frames across different domains to Prompt
        7. When all these settings have been made, click on the OK button.
        8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

    Then come back here and give us feedback as to how the PC is.

    & yes, some spyware can do this, but we will not know till we are clean.

    HGD
    Last edited by HJThis; 04-08-2005 at 06:45 PM.
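
A scripted version of the cross-check this thread does by eye, comparing a HijackThis log against a removal list. This is an added example, not part of any post; the names `parse_log` and `find_hits` are illustrative. The sample log is an excerpt of the one in post #16, and the list is a subset of the paths given in posts #13 and #19.

```python
import re

# Excerpt of the HijackThis log in post #16 (lines copied from the thread).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SOINTGR.EXE
C:\WINDOWS\SYSTEM\UTDT.EXE
C:\WINDOWS\TASKMON.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\RunServices: [SO5 Integrator Pass One] C:\WINDOWS\SOINTGR.EXE
"""

# A few of the paths the helper listed for deletion in posts #13 and #19.
REMOVAL_LIST = [
    r"C:\WINDOWS\SYSTEM\utdt.exe",
    r"C:\WINDOWS\SYSTEM\PoMas.dll",
    r"C:\WINDOWS\ru.exe",
]

ENTRY_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")  # e.g. "O4 - HKLM\..\Run: ..."

def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False  # the first R/O entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def find_hits(text, removal_list):
    """Return log items that still reference a listed path (case-insensitive)."""
    wanted = [p.lower() for p in removal_list]  # Win9x paths ignore case
    processes, entries = parse_log(text)
    hits = [("running", p) for p in processes if p.lower() in wanted]
    hits += [(c, b) for c, b in entries if any(w in b.lower() for w in wanted)]
    return hits

if __name__ == "__main__":
    for kind, item in find_hits(SAMPLE_LOG, REMOVAL_LIST):
        print(f"{kind:8} {item}")
```

The comparison is case-insensitive because the log prints running processes in upper case while the removal lists use mixed case.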
