  1. #1
    Member
    Join Date
    Aug 2006
    Posts
    7
    Points
    0

    vx look2me log help

    Hi guys, after looking through this site I realised I had the Look2Me trojan. I have downloaded HijackThis and ran a scan, but I am not sure what to delete. I think I have done the scan right. Please could somebody just check it over and tell me what to delete and what to keep? Thanks a lot, urb!


    Logfile of HijackThis v1.99.1
    Scan saved at 14:00:04, on 8/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\spywarebot\SpywareBot.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\irene green\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resourc...scbase2213.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133461218937
    O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\h04mlah11d4.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  2. #2
    Member
    Join Date
    Aug 2006
    Posts
    7
    Points
    0

    Sorry guys, I forgot to explain more. I'm getting random pop-ups for all different things, e.g. adult sites, antivirus free scans, all sorts of rubbish. I've found it to be this vx look2me trojan, and as above I have done an HJT scan. I'm a little new to all this PC stuff, but I gather I need to delete some of the stuff found. From reading a lot on here I think I have done everything OK. I'm using Windows XP SP2 and Norton AV. I've also done several adware and spyware scans, e.g. Spybot S&D and Ad-Aware SE. Anything else you want to know, just ask. Thanks again, urb!

  3. #3
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Did something tell you that you had an L2M infection? Looks very possible.

    Please download this program:

    http://www.atribune.org/content/view/28/

    Please download Look2Me-Destroyer.exe to your desktop.

    Close all windows before continuing.

    Double-click Look2Me-Destroyer.exe to run it.

    Put a check next to Run this program as a task.

    You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK.

    When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.

    Once it's done scanning, click the Remove L2M button.

    You will receive a Done Scanning message, click OK.

    When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    Your computer will then shut down.

    Turn your computer back on.

    Please post the contents of Look2Me-Destroyer.txt and a new HiJackThis log.

    BG

  4. #4
    Member
    Join Date
    Aug 2006
    Posts
    7
    Points
    0

    I have done the Look2Me scan and here's my HJT report. I'm not sure what you mean by post the results of the L2M scan, but I've had no pop-ups yet, fingers crossed, and thanks.


    Logfile of HijackThis v1.99.1
    Scan saved at 22:08:57, on 8/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\program files\steam\steam.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\irene green\Desktop\HijackThis.exe

    R3 - Default URLSearchHook is missing
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (CwlscInstall Object) - https://scan.safety.live.com/resourc...scbase2213.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133461218937
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

  5. #5
    Member
    Join Date
    Aug 2006
    Posts
    7
    Points
    0

    Sorry, me again. Yes, I ran either Ad-Aware SE or a Spybot scan, and one of these kept picking up Look2Me even after a restart. All looks good at the moment, and I've had no pop-ups yet. Thanks a lot for your help; I will let you know if all's fine after I've been on the net for a substantial time. Thanks again, urb!!

  6. #6
    Member
    Join Date
    Aug 2006
    Posts
    7
    Points
    0

    Ahh, I think this is what you wanted!

    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 8/3/2006 22:02:02

    Infected! C:\WINDOWS\system32\e0jm0a11ed.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP151\A0176088.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP151\A0176150.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176341.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176345.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176366.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176376.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176523.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176685.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176706.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP153\A0176719.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP154\A0176792.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176918.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176981.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176990.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176993.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0177001.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0177004.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178012.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178034.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178050.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178096.dll
    Infected! C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178105.dll
    Infected! C:\WINDOWS\system32\e0jm0a11ed.dll
    Infected! C:\WINDOWS\system32\en60l1jm1.dll
    Infected! C:\WINDOWS\system32\irn8l55u1.dll
    Infected! C:\WINDOWS\system32\mcvcp71.dll
    Infected! C:\WINDOWS\system32\wdock32.dll

    Attempting to delete infected files...

    Attempting to delete: C:\WINDOWS\system32\e0jm0a11ed.dll
    C:\WINDOWS\system32\e0jm0a11ed.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP151\A0176088.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP151\A0176088.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP151\A0176150.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP151\A0176150.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176341.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176341.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176345.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176345.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176366.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176366.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176376.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176376.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176523.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176523.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176685.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176685.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176706.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP152\A0176706.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP153\A0176719.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP153\A0176719.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP154\A0176792.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP154\A0176792.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176918.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176918.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176981.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176981.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176990.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176990.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176993.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0176993.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0177001.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0177001.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0177004.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0177004.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178012.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178012.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178034.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178034.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178050.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178050.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178096.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178096.dll Deleted successfully!

    Attempting to delete: C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178105.dll
    C:\System Volume Information\_restore{1617C36A-1F37-4D0E-9286-2B383EB52002}\RP155\A0178105.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\e0jm0a11ed.dll
    C:\WINDOWS\system32\e0jm0a11ed.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\en60l1jm1.dll
    C:\WINDOWS\system32\en60l1jm1.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\irn8l55u1.dll
    C:\WINDOWS\system32\irn8l55u1.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\mcvcp71.dll
    C:\WINDOWS\system32\mcvcp71.dll Deleted successfully!

    Attempting to delete: C:\WINDOWS\system32\wdock32.dll
    C:\WINDOWS\system32\wdock32.dll Deleted successfully!

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9C6FF4AE-BEA3-4362-8062-AF08FFB74EEF}"
    HKCR\Clsid\{9C6FF4AE-BEA3-4362-8062-AF08FFB74EEF}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F3492325-D779-4B29-A96E-849A3C645D2B}"
    HKCR\Clsid\{F3492325-D779-4B29-A96E-849A3C645D2B}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{131AE790-93F4-4E8F-8B8F-4B39FE822C34}"
    HKCR\Clsid\{131AE790-93F4-4E8F-8B8F-4B39FE822C34}

    Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C01F1B39-F0FF-41E9-AE66-44D77BEA062E}"
    HKCR\Clsid\{C01F1B39-F0FF-41E9-AE66-44D77BEA062E}

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded

  7. #7
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    This was the indication that you had an L2M infection in your first log: O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\h04mlah11d4.dll
    ... it's gone now...

    You should see a Look2Me-Destroyer.txt file on your desktop (or wherever you downloaded the Look2Me-Destroyer.exe file to) ... open it in Notepad and post the results in your next post here...

    hopefully you are now clean...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
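
The check described in the post above (an O20 Winlogon Notify line present in the first HijackThis log and absent from the second), as an added example that is not part of the original thread. The `BEFORE` and `AFTER` samples are short excerpts of the two logs posted in this thread; the function names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section detail")

# HijackThis item lines start with a section code (R1, O4, O20, O23, ...)
# followed by " - ". Header and "Running processes" lines do not match.
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O20 detail: "Winlogon Notify: <subkey name> - <DLL path>"
NOTIFY_RE = re.compile(r"^Winlogon Notify:\s*(?P<key>.+?)\s+-\s+(?P<dll>.+)$")

# Excerpt of the first log in this thread (14:00:04 scan).
BEFORE = r'''
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\rundll32.exe
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\h04mlah11d4.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
'''

# Excerpt of the second log in this thread (22:08:57 scan, after the removal tool ran).
AFTER = r'''
Logfile of HijackThis v1.99.1
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [spywarebot] C:\Program Files\spywarebot\SpywareBot.exe -boot
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
'''


def parse_hjt(text):
    """Return the item lines of a HijackThis log as Entry(section, detail)."""
    entries = []
    for line in text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def winlogon_notify(entries):
    """Return (subkey, dll_path) for every O20 Winlogon Notify entry."""
    found = []
    for e in entries:
        if e.section != "O20":
            continue
        m = NOTIFY_RE.match(e.detail)
        if m:
            found.append((m.group("key"), m.group("dll")))
    return found


def removed_between(before, after):
    """Entries present in the earlier scan and missing from the later one."""
    later = set(after)
    return [e for e in before if e not in later]


if __name__ == "__main__":
    first, second = parse_hjt(BEFORE), parse_hjt(AFTER)
    print("O20 Winlogon Notify entries in first log:")
    for key, dll in winlogon_notify(first):
        print(f"  {key}: {dll}")
    print("O20 Winlogon Notify entries in second log:", winlogon_notify(second))
    print("Entries gone after cleanup:")
    for e in removed_between(first, second):
        print(f"  {e.section} - {e.detail}")
```

Diffing the two scans also surfaces every other entry that changed between them, so unrelated removals are reviewed alongside the O20 line rather than overlooked.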

  8. #8
    Member
    Join Date
    Aug 2006
    Posts
    7
    Points
    0

    Woooohoooo! Still no trouble, guys. Thanks a million, you saved me a lot of cash and bother. I think you guys rule and will pass your site address on to anyone I know who is having trouble. Thanks again, urb. P.S. Also I must commend you on such a quick response. I think 5 hrs you guys got back to me in, so I'm well chuffed. Cheers!!!!

  9. #9
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    You're very welcome

    from the Help2go team :wink:

  10. #10
    Member
    Join Date
    Aug 2006
    Posts
    7
    Points
    0

    Just a quick report after spending a good few hrs on the net: all's good, no pop-ups from anywhere, and the PC seems to be running a lot faster. Thanks a million, urb!
