Hello, I accidently downloaded this crap on my work computer. By the way I almost always surf with Firefox. Anyway, new IE windows keep opening up, crappy ad sites like inqwire appear etc. I am not very computer knowledgable, but I have allready tried everything suggested in the sticky: adaware, spybot, avg, and a bunch of others, nothing seems to remove this. Please help if possible.

Logfile of HijackThis v1.99.1
Scan saved at 11:41:40 AM, on 2/1/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\WINNT\qwert.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINNT\system32\fuywr.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\windows\winsysban4.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINNT\SYSTEM32\rundll32.exe
D:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe
D:\PROGRA~1\MICROS~1\Office\1033\OLFMOD32.EXE
C:\PROGRA~1\HOSTEX~1.NT\HOSTEX32.EXE
D:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\user\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O1 - Hosts: www.qoologic.com
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: IEWebCatcher Class - {FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iserv] C:\WINNT\system32\fuywr.exe
O4 - HKLM\..\Run: [Ddylt] C:\WINNT\mgbndlm.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\wiwiyc.exe reg_run
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\winsysupd4.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd4.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000133.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://finance.admin.ccny.cuny.edu/C...ses/CFJava.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1774cbcd...p/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://134.74.86.5/activex/AxisCamControl.ocx
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/w...ker/wtinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS3\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: NetCache - C:\WINNT\system32\o6ns0g57e6.dll
O20 - Winlogon Notify: winqsc32 - C:\WINNT\SYSTEM32\winqsc32.dll
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AolSoftware (aolsoftware) - Unknown owner - C:\WINNT\qwert.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe (file missing)
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
O23 - Service: Windows Host Name - Unknown owner - C:\WINNT\system32\lmass.exe" -service (file missing)

Hello,andrew2 & Welcome

Yes you have a # of items that need to go so do this first

Please download, install, and update the NEW free version of Ewido trojan scanner:[*]When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".[*]When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.[*]From the main ewido screen, click on update in the left menu, then click the Start update button.[*]After the update finishes (the status bar at the bottom will display "Update successful")[*]Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.[*]If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.[*]When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

then show us both the Ewido & Hijackthis logfiles

I also need you to move Hijackthis from where you have it
& place it in a folder in C:\Drive like so C:\HJT

HGD

Ok, I followed your directions. I am still having problems. here is the ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:14:02 AM, 2/2/2006
+ Report-Checksum: 3D76B426

+ Scan result:

HKU\S-1-5-21-1275210071-1682526488-1343024091-1000\Software\DNS -> Adware.Shorty : Cleaned with backup
[1224] C:\WINNT\system32\MQV1_0.DLL -> Spyware.Look2Me : Error during cleaning
[1412] C:\WINNT\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\0HSGULRZ\ltndload[1].dll -> Adware.Sud : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6DTRJZIJ\ibycgt[1].cab/titno.exe -> Adware.MDH : Error during cleaning
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6DTRJZIJ\Installer[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\J5QYH504\drsmartload[1].exe -> Downloader.Adload.j : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\XPWISH31\NNSCAA638[1].EXE -> Spyware.NewDotNet : Cleaned with backup
:mozilla.24:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ads1.revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@data2.perf.overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@www.adtrak[2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\drsmartload1.exe -> Downloader.Adload.j : Cleaned with backup
C:\Installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\NNSCAA638.EXE -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Adware.Maxifiles : Error during cleaning
C:\Program Files\DNS\Catcher.dll -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\WINNT\cmxgdgerj.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINNT\qwert.exe -> Backdoor.SdBot.xd : Cleaned with backup
C:\WINNT\SYSTEM32\AdService.dll -> Trojan.Agent.og : Cleaned with backup
C:\WINNT\SYSTEM32\DKOMEXT.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\fplq0335e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\fprm0391e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\hpsw.exe -> Adware.Suggestor : Cleaned with backup
C:\WINNT\SYSTEM32\j6j60g1se6.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\mvlsl9371.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\titno.exe -> Adware.MDH : Cleaned with backup
C:\WINNT\SYSTEM32\whCC-CLICK.exe/whAgent.exe -> Spyware.WebHancer : Error during cleaning
C:\WINNT\SYSTEM32\winqsc32.dll -> Trojan.Agent.og : Cleaned with backup
C:\WINNT\temp\bw2.com -> Spyware.Zestyfind : Cleaned with backup
C:\WINNT\temp\D0A17.tmp/titno.exe -> Adware.MDH : Error during cleaning
C:\WINNT\temp\i1A.tmp -> Adware.SurfSide : Cleaned with backup


::Report End


___ Here is the HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 10:19:10 AM, on 2/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\system32\MSTask.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINNT\SYSTEM32\rundll32.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
D:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe
D:\PROGRA~1\MICROS~1\Office\1033\OLFMOD32.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: IEWebCatcher Class - {FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Ddylt] C:\WINNT\mgbndlm.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\windows\winsysupd4.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd4.exe
O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban4.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://finance.admin.ccny.cuny.edu/C...ses/CFJava.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1774cbcd...p/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://134.74.86.5/activex/AxisCamControl.ocx
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/w...ker/wtinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS3\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll
O20 - Winlogon Notify: IPConfMSP - C:\WINNT\system32\kt6ol7j31.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: winqsc32 - winqsc32.dll (file missing)
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe (file missing)
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
O23 - Service: Windows Host Name - Unknown owner - C:\WINNT\system32\lmass.exe" -service (file missing)

Yikes!

Hi

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so! This Fix must NOT be run in safe mode for it to work.

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.

So far, So good. I have run the 12mfix scan:

L2MFIX find log 010406
These are the registry keys present
************************************************** ********************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AdminDebug]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINNT\\system32\\kt6ol7j31.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33, 00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e, 00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
"DllName"="C:\\WINNT\\System32\\NavLogon.dll"
"Logoff"="NavLogoffEvent"
"StartShell"="NavStartShellEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74, 00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winqsc32]
"Asynchronous"=dword:00000001
"DllName"="winqsc32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"
"Shutdown"="EvtShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

************************************************** ********************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Internet Settings\User Agent\Post Platform]
"{04B89AF5-0F85-39CF-DE86-F2303D5330C3}"=""

************************************************** ********************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network and Dial-up Connections"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{1A9BA3A0-143A-11CF-8350-444553540000}"="Shell Favorite Folder"
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"="My Computer"
"{86747AC0-42A0-1069-A2E6-08002B30309D}"="Briefcase Folder"
"{0AFACED1-E828-11D1-9187-B532F1E9575D}"="Folder Shortcut"
"{12518493-00B2-11d2-9FA5-9E3420524153}"="Mounted Volume"
"{21B22460-3AEA-1069-A2DC-08002B30309D}"="File Property Page Extension"
"{B091E540-83E3-11CF-A713-0020AFD79762}"="File Types Page"
"{FBF23B41-E3F0-101B-8488-00AA003E56F8}"="MIME File Types Hook"
"{C2FBB630-2971-11d1-A18C-00C04FD75D13}"="Microsoft CopyTo Service"
"{C2FBB631-2971-11d1-A18C-00C04FD75D13}"="Microsoft MoveTo Service"
"{13709620-C279-11CE-A49E-444553540000}"="Shell Automation Service"
"{62112AA1-EBE4-11cf-A5FB-0020AFE7292D}"="Shell Automation Folder View"
"{4622AD11-FF23-11d0-8D34-00A0C90F2719}"="Start Menu"
"{7BA4C740-9E81-11CF-99D3-00AA004AE837}"="Microsoft SendTo Service"
"{D969A300-E7FF-11d0-A93B-00A0C90F2719}"="Microsoft New Object Service"
"{09799AFB-AD67-11d1-ABCD-00C04FC30936}"="Open With Context Menu Handler"
"{3FC0B520-68A9-11D0-8D77-00C04FD70822}"="Display Control Panel HTML Extensions"
"{75048700-EF1F-11D0-9888-006097DEACF9}"="ActiveDesktop"
"{6D5313C0-8C62-11D1-B2CD-006097DF8C11}"="Folder Options Property Page Extension"
"{57651662-CE3E-11D0-8D77-00C04FC99D61}"="CmdFileIcon"
"{4657278A-411B-11d2-839A-00C04FD918D0}"="Shell Drag and Drop helper"
"{A470F8CF-A1E8-4f65-8335-227475AA5C46}"="Add encryption item to context menus in explorer"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{568804CA-CBD7-11d0-9816-00C04FD91972}"="Menu Shell Folder"
"{5b4dae26-b807-11d0-9815-00c04fd91972}"="Menu Band"
"{8278F931-2A3E-11d2-838F-00C04FD918D0}"="Tracking Shell Menu"
"{E13EF4E4-D2F2-11d0-9816-00C04FD91972}"="Menu Site"
"{ECD4FC4F-521C-11D0-B792-00A0C90312E1}"="Menu Desk Bar"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{D82BE2B0-5764-11D0-A96E-00C04FD705A2}"="IShellFolderBand"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{0E5CBF21-D15F-11d0-8301-00AA005B4383}"="&Links"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7487cd30-f71a-11d0-9ea7-00805f714772}"="Thumbnail Image"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{8BEBB290-52D0-11D0-B7F4-00C04FD706EC}"="Thumbnails"
"{EAB841A0-9550-11CF-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{1AEB1360-5AFC-11D0-B806-00C04FD706EC}"="Office Graphics Filters Thumbnail Extractor"
"{9DBD2C50-62AD-11D0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{500202A0-731E-11D0-B829-00C04FD706EC}"="LNK file thumbnail interface delegator"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8C-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{fe1290f0-cfbd-11cf-a330-00aa00c16e65}"="Directory Namespace"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{450D8FBA-AD25-11D0-98A8-0800361B1103}"="MyDocs Folder"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{59850401-6664-101B-B21C-00AA004BA90B}"="Microsoft Office Binder Unbind"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"="Adobe.Acrobat.ContextMenu"
"{E5D0C371-1FEB-4D60-9D31-F1A77F2BD2BB}"=""
"{1B0A8346-7B87-49CB-B1CC-CB6278C4CAAB}"=""
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"

************************************************** ********************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E5D0C371-1FEB-4D60-9D31-F1A77F2BD2BB}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\CLSID\{E5D0C371-1FEB-4D60-9D31-F1A77F2BD2BB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5D0C371-1FEB-4D60-9D31-F1A77F2BD2BB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{E5D0C371-1FEB-4D60-9D31-F1A77F2BD2BB}\InprocServer32]
@="C:\\WINNT\\system32\\uep10.dll"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{1B0A8346-7B87-49CB-B1CC-CB6278C4CAAB}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B0A8346-7B87-49CB-B1CC-CB6278C4CAAB}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B0A8346-7B87-49CB-B1CC-CB6278C4CAAB}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{1B0A8346-7B87-49CB-B1CC-CB6278C4CAAB}\InprocServer32]
@="C:\\WINNT\\system32\\TPNTSVRP.DLL"
"ThreadingModel"="Apartment"

************************************************** ********************************
Files Found are not all bad files:

C:\WINNT\SYSTEM32\
0ce8rglo.dll Tue Jan 31 2006 11:03:30a A.... 44,544 43.50 K
gp0ol3~1.dll Wed Feb 1 2006 3:37:54p ..S.R 234,394 228.90 K
jtl007~1.dll Fri Feb 3 2006 9:24:02a ..S.R 234,431 228.93 K
kt6ol7~1.dll Wed Feb 1 2006 9:34:40a ..S.R 234,394 228.90 K
sporder.dll Tue Jan 31 2006 11:19:18a A.... 8,464 8.27 K
tpntsvrp.dll Fri Feb 3 2006 9:25:42a ..S.R 234,272 228.78 K
wmfhot~1.dll Mon Jan 2 2006 10:23:16p A.... 3,584 3.50 K

7 items found: 7 files (4 H/S), 0 directories.
Total of file sizes: 994,083 bytes 970.78 K
Locate .tmp files:

C:\WINNT\SYSTEM32\
guard.tmp Fri Feb 3 2006 9:25:02a ..S.R 234,394 228.90 K

1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 234,394 bytes 228.90 K
************************************************** ********************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 6056-6C28

Directory of C:\WINNT\System32

02/03/2006 09:25a 234,272 TPNTSVRP.DLL
02/03/2006 09:25a 234,394 guard.tmp
02/03/2006 09:24a 234,431 jtl0073me.dll
02/01/2006 03:37p 234,394 gp0ol3d31.dll
02/01/2006 09:34a 234,394 kt6ol7j31.dll
09/08/2005 02:31p <DIR> dllcache
08/12/2004 12:39p <DIR> %SystemDrive%
5 File(s) 1,171,885 bytes
2 Dir(s) 2,283,591,168 bytes free

Hi nice job,

that log was to confirm you had VX2 and yes you do so now let's kill it.


Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter. It will process then start. Your desktop and icons will disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, it will be ready for a reboot. Press any key to reboot. After the reboot notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new hijackthis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so! Do Not run in safe mode!!
If after the reboot the log does not open double click on it in the l2mfix folder.

Ok, I did as you requested, unfortunately, popups worse than ever and computer shuting itself down!

L2mfix 010406
Creating Account.
The command completed successfully.


Adding Administrative privleges.
The command completed successfully.

Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (152 bytes security) (deflated 86%)


Logfile of HijackThis v1.99.1
Scan saved at 10:17:42 AM, on 2/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
C:\WINNT\bWFyaWE\command.exe
C:\DMI\WIN32\bin\DellDmi.exe
C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
C:\Program Files\Dell\OpenManage\Client\DLT.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\dmi\win32\bin\Win32sl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\SYSTEM32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Netropa\Multimedia Keyboard\mmusbkb2.exe
C:\winsysban5.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINNT\system32\wgse.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINNT\system32\hpsw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O2 - BHO: Trecker Class - {39C78B50-7E98-4aa0-B007-D83114EA6E0F} - C:\PROGRA~1\Jalmp\jalmp.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: IEWebCatcher Class - {FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Ddylt] C:\WINNT\mgbndlm.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\\winsysban5.exe
O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd5.exe
O4 - HKLM\..\Run: [winsysban] C:\\winsysban5.exe
O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [winsync] C:\WINNT\system32\wiwiyc.exe reg_run
O4 - HKLM\..\Run: [susse] "C:\WINNT\system32\hpsw.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [ukrf] C:\PROGRA~1\COMMON~1\ukrf\ukrfm.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = D:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: xhxh.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://finance.admin.ccny.cuny.edu/C...ses/CFJava.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1774cbcd...p/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://134.74.86.5/activex/AxisCamControl.ocx
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://www.wildtangent.com/install/w...ker/wtinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS2\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O17 - HKLM\System\CS3\Services\Tcpip\..\{BCC85034-8129-4AA2-8789-23875EE41C4D}: NameServer = 134.74.128.7,134.74.16.18
O18 - Filter: text/html - {2F6E85DC-8D2D-4896-8A4F-7DF8A7B1749D} - C:\PROGRA~1\Jalmp\jalmp.dll
O20 - AppInit_DLLs: C:\WINNT\system32\wmfhotfix.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: NetCache - C:\WINNT\system32\n02ulaf91d2.dll
O20 - Winlogon Notify: winqsc32 - winqsc32.dll (file missing)
O23 - Service: ActionAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\ActionAgent.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\bWFyaWE\command.exe
O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe
O23 - Service: DEventAgent - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\EventAgt.exe
O23 - Service: DLT - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\DLT.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINNT\system32\HPZipm12.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe
O23 - Service: Windows Host Name - Unknown owner - C:\WINNT\system32\lmass.exe" -service (file missing)

Hi,


Disable Spyware Doctor/may also be hindering the fix

1. Click the Spyware Doctor icon in the System Tray.
2. Click Settings.
3. Click Startup Settings under Pick a Category.
4. Uncheck Run at Windows startup.
5. Click Apply and Exit Spyware Doctor.


Please download hoster from the link below.

http://www.funkytoad.com/download/hoster.zip

Open Hoster.exe.

Then click on "Restore Original Hosts"

Close program when complete.


Please download this file to your desktop - http://www.mvps.org/winhelp2002/DelDomains.inf

Right click on the file you downloaded and select install. This resets the trusted and restricted zones to defaults.

Note: if you have immunized with Spybot this takes those off. You will have to re-immunize with Spybot. If you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both of those afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.

Reboot.


Please download LSP-Fix from the following link and save it to a location you can find later if necessary. DESKTOP.


Download LSPfix here:
http://www.cexx.org/lspfix.htm
Or here:
http://www.snapfiles.com/get/lspfix.html
Download it and save it to your desktop. If we don't need it you can delete it. Once this tool is saved we can go after NewDotNet.


This tool will restore your internet connection if you lose it while removing
NEWDOTNET/NEW.NET.

If you do lose your internet connection run the tool and "click finish"

Do not run the tool unless you lose your internet connection

Go into add/remove program and remove IF FOUND

NEWDOTNET/NEW.NET

If newdotnet/new.net is not in add/remove program run the uninstaller below


Download and save uninstall6_76.exe to Local Disc C
· Click on Start.
· Click on Run.
· In the Open window type, http://www.new.net/support/uninstall6_90.exe.
· Click on the OK button.
· After removal, you may be prompted to reboot. Please reboot if not prompted.

Then go back to my second post(POST#6) and run option 2 again, be sure to follow all instructions very carefully as this fix is a 100% kill fix and it failed possibly due to newdotnet causeing internet problems or Qoologic Trojan but Ewido should get it from safe mode below.

Post the log from option number 2.


Before posting log from option #2 run Ewido from safe mode and post that log also please.

Safe mode:

Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter and run Ewido.

Thanks

I have tried to follow all of the above steps, though I am wondering if it wouldn't be easier just to reinstall windows at this point.

Anyway here are the logs:

L2mfix 010406
Creating Account.
The command completed successfully.


Adding Administrative privleges.
The command completed successfully.

Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
updating: backregs/notibac.reg (152 bytes security) (deflated 86%)


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:50:33 AM, 2/7/2006
+ Report-Checksum: A1092866

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer -> Spyware.Look2Me : Cleaned with backup
[380] C:\WINNT\system32\ijaksie.dll -> Spyware.Look2Me : Error during cleaning
[432] C:\WINNT\system32\ijaksie.dll -> Spyware.Look2Me : Error during cleaning
C:\cygwid.exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xhxh.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\6DTRJZIJ\ibycgt[1].cab/titno.exe -> Adware.MDH : Error during cleaning
C:\Documents and Settings\L2MFIX.NAC-5-216\Local Settings\Temporary Internet Files\Content.IE5\6DTRJZIJ\ibycgt[1].cab/titno.exe -> Adware.MDH : Error during cleaning
:mozilla.30:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.31:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.39:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.41:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.42:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.44:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.47:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.63:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.64:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.69:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.70:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.112:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.113:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.114:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.115:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\35nadmuo.Default User\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@ads1.revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@data3.perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@partygaming.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@www.adtrak[1].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\user\Cookies\user@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Documents and Settings\user\Local Settings\Temp\C4F3.tmp/titno.exe -> Adware.MDH : Error during cleaning
C:\Documents and Settings\user\Local Settings\Temp\temp.frE73C -> Spyware.CommAd : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temp\temp.frE7C2 -> Adware.CommAd : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4PFWHV3N\inst_0004[1].exe -> Downloader.Small.cam : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4PFWHV3N\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4PFWHV3N\NNSCAA638[1].EXE -> Spyware.NewDotNet : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\4PFWHV3N\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\7SPVP8EF\ibycgt[1].cab/titno.exe -> Adware.MDH : Error during cleaning
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OJZH5ACD\cygwid[1].exe -> Downloader.Small.bmx : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OJZH5ACD\installerus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OJZH5ACD\Installer[1].exe -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OJZH5ACD\ltndload[1].dll -> Adware.Sud : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OJZH5ACD\myupdates[1].exe -> Downloader.Adload.l : Cleaned with backup
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OJZH5ACD\ucmoreiex[1].exe/UCMTSAIE.DLL -> Spyware.UCmore : Error during cleaning
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\OJZH5ACD\ucmoreiex[1].exe/IUCMORE.DLL -> Spyware.UCmore : Error during cleaning
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\V6N92DJZ\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\Installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\installerus.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\inst_0004.exe -> Downloader.Small.cam : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\NNSCAA638.EXE -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Adware.Maxifiles : Error during cleaning
C:\Program Files\Common Files\ukrf\ukrfa.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\ukrf\ukrfd\ukrfc.dll -> Downloader.Small : Cleaned with backup
C:\Program Files\Common Files\ukrf\ukrfl.exe -> Downloader.TSUpdate.p : Cleaned with backup
C:\Program Files\Common Files\ukrf\ukrfp.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\Program Files\Common Files\VCClient\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\Program Files\Jalmp\jalmp.dll -> Adware.Suggestor : Cleaned with backup
C:\Program Files\Jalmp\uninstall.exe -> Adware.Suggestor : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Error during cleaning
C:\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Error during cleaning
C:\windows\myupdates.exe -> Downloader.Adload.l : Cleaned with backup
C:\WINNT\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINNT\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\SYSTEM32\DFVENUM.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\eoeoqno.dll -> Downloader.Qoologic.az : Cleaned with backup
C:\WINNT\SYSTEM32\fefeg.dll -> Downloader.Small : Cleaned with backup
C:\WINNT\SYSTEM32\fsfskds.exe -> Trojan.Pakes : Cleaned with backup
C:\WINNT\SYSTEM32\gp0ol3d31.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\h82o0if3e82.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\hpsw.exe -> Adware.Suggestor : Cleaned with backup
C:\WINNT\SYSTEM32\jtl0073me.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\lv4u09h9e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\m8820iloe8qc0.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\n4p4le7q1h.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\papaq.dat -> Downloader.Qoologic.at : Cleaned with backup
C:\WINNT\SYSTEM32\r08slal71dq.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\s0rsla971d.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\SYSTEM32\wgse.exe -> Trojan.Runner.h : Cleaned with backup
C:\WINNT\SYSTEM32\whCC-CLICK.exe/whAgent.exe -> Spyware.WebHancer : Error during cleaning
C:\WINNT\SYSTEM32\wiwiyc.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\WINNT\temp\D0A17.tmp/titno.exe -> Adware.MDH : Error during cleaning


::Report End