
Need Help Removing An Adware Prog That Brings Up Popup Ads

Discussion in 'Windows - Virus and spyware problems' started by bluzeon, Feb 17, 2006.

  1. bluzeon

    I Keep Receiving PopUps...Only when I allow rundll32.exe to connect on my firewall settings...if I disable it from connecting it doesn't bring popups... can you help? I tried the vundofix and it didn't find anything...and I also ran the stinger as well...

    Here Is The Hijack This Log File...

    Logfile of HijackThis v1.99.1
    Scan saved at 9:22:30 AM, on 2/16/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    C:\Program Files\Common Files\AOL\1139600080\ee\aolsoftware.exe
    c:\program files\common files\aol\1139600080\ee\aim6.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=
    F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O15 - Trusted Zone: *.crosskirknet.com
    O15 - Trusted Zone: *.dollarrevenue.com
    O15 - Trusted Zone: *.errorsafe.com
    O15 - Trusted Zone: *.filesharingaccess.com
    O15 - Trusted Zone: *.gimmycash.com
    O15 - Trusted Zone: *.gimmysmileys.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.kabum.pl
    O15 - Trusted Zone: *.kazaa-forum.com
    O15 - Trusted Zone: *.media-motor.com
    O15 - Trusted Zone: *.mediatickets.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.traffic-stats.org
    O15 - Trusted Zone: *.winantivirus.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: *.yoursitebar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.zango.com
    O15 - Trusted Zone: *.zangocash.com
    O15 - Trusted Zone: *.crosskirknet.com (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.errorsafe.com (HKLM)
    O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
    O15 - Trusted Zone: *.gimmycash.com (HKLM)
    O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.kabum.pl (HKLM)
    O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.media-motor.net (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.traffic-stats.org (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.yoursitebar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted Zone: *.zango.com (HKLM)
    O15 - Trusted Zone: *.zangocash.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.atomicmods.com//activex/AMC.cab
    O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\lvn2095oe.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe (file missing)
    O23 - Service: Windows Overlay Components - Unknown owner - (no file)
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
     
  2. -kemisti-

    Download Look2Me-Destroyer.exe -> http://www.atribune.org/ccount/click.php?id=7 and save it to your desktop.

    * Close all other windows and programs.
    * Double-click Look2Me-Destroyer.exe.
    * Checkmark "Run this program as a task".
    * You'll get a message saying "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
    * When Look2Me-Destroyer re-opens, click Scan for L2M; the shortcut on your desktop will disappear and reappear, that's normal.
    * When the scan is ready, click Remove L2M.
    * When seeing "Done Scanning", click OK.
    * When seeing "Done removing infected files! Look2Me-Destroyer will now shutdown your computer", click OK.
    * Your computer will shut itself down.
    * Restart your computer.
    * Post the contents of C:\Look2Me-Destroyer.txt along with a fresh HijackThis log.

    If your firewall warns about this program, allow all.

    If you get runtime error '339', download MSWINSCK.OCX from the link below and place it in the C:\Windows\System32 folder.

    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

    Try again.
     
    Last edited: Feb 19, 2006
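
The reply above asks for a fresh HijackThis log after the cleanup. One way to compare such a log with the earlier one, as an added example that is not part of the original thread: the two excerpts are shortened copies of lines from the logs posted in this thread, and the function names (`parse_hijackthis`, `diff_logs`, `persisting`) are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0, F3, O4, O20, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Shortened excerpt of the log saved on 2/16/2006 (before the cleanup).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:22:30 AM, on 2/16/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
"""

# Shortened excerpt of the log saved on 2/20/2006 (after the cleanup).
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:38:06 AM, on 2/20/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
"""


def parse_hijackthis(text):
    """Return (processes, entries) parsed from a HijackThis text log.

    processes: set of lower-cased image paths (Windows paths are
               case-insensitive, and repeated names such as svchost collapse).
    entries:   list of (section_code, rest_of_line) tuples in log order.
    """
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry line ends the process list
            entries.append((match.group(1), match.group(2).strip()))
        elif in_processes and line:
            processes.add(line.lower())
    return processes, entries


def diff_logs(before, after):
    """Compare two logs and report what disappeared, appeared, or stayed."""
    b_proc, b_entries = parse_hijackthis(before)
    a_proc, a_entries = parse_hijackthis(after)
    b_set, a_set = set(b_entries), set(a_entries)
    return {
        "processes_gone": sorted(b_proc - a_proc),
        "processes_new": sorted(a_proc - b_proc),
        "entries_removed": sorted(b_set - a_set),
        "entries_added": sorted(a_set - b_set),
        "entries_unchanged": sorted(b_set & a_set),
    }


def persisting(diff, codes=("F2", "F3", "O20", "O23")):
    """Unchanged entries in autostart-related sections, for manual review.

    F2/F3 are ini-file autoloads, O20 covers AppInit_DLLs and Winlogon Notify,
    O23 lists services. The choice of sections is an assumption of this example.
    """
    return [entry for entry in diff["entries_unchanged"] if entry[0] in codes]


if __name__ == "__main__":
    result = diff_logs(BEFORE_LOG, AFTER_LOG)
    for key, values in result.items():
        print(key)
        for value in values:
            print("   ", value)
    print("still present in autostart sections:", persisting(result))
```

An entry listed under `entries_unchanged` was simply not touched between the two scans; that alone says nothing about whether it is malicious.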
  3. bluzeon

    Thanks A Lot... Are There Perhaps Any Other Adware Or Viruses On My System? I Do Own XoftSpy But That Seems Not to Pick Up Certain Adware For Example The L2M...

    .:Look2Me Log File:.

    Look2Me-Destroyer V1.0.6

    Scanning for infected files.....
    Scan started at 2/20/2006 1:30:38 AM

    Infected! C:\WINDOWS\system32\kt40l7hm1.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016653.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016662.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016686.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016687.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016739.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016774.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016782.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016807.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016808.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016839.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016847.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016849.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016852.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016903.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016904.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016914.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016922.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016927.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016949.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016954.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016959.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016964.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016973.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016978.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016988.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0017014.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0017041.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP89\A0017270.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP89\A0018583.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0018938.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0019000.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0019028.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019052.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019053.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019074.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP94\A0019092.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP94\A0019104.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019110.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019119.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019128.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019129.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019137.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019156.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP96\A0019159.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP96\A0019170.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019292.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019297.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019350.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019351.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP98\A0019368.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP98\A0019374.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP99\A0019383.dll
    Infected! C:\WINDOWS\system32\bgowser.dll
    Infected! C:\WINDOWS\system32\cwfview.dll
    Infected! C:\WINDOWS\system32\dBd8thk.dll
    Infected! C:\WINDOWS\system32\dksynth.dll
    Infected! C:\WINDOWS\system32\dn4q01h5e.dll
    Infected! C:\WINDOWS\system32\exsadu.dll
    Infected! C:\WINDOWS\system32\gltext.dll
    Infected! C:\WINDOWS\system32\gp40l3hm1.dll
    Infected! C:\WINDOWS\system32\j80s0id7e80.dll
    Infected! C:\WINDOWS\system32\kt40l7hm1.dll
    Infected! C:\WINDOWS\system32\kwrberos.dll
    Infected! C:\WINDOWS\system32\m0pola731d.dll
    Infected! C:\WINDOWS\system32\mp3216.dll
    Infected! C:\WINDOWS\system32\mtafd.dll
    Infected! C:\WINDOWS\system32\ozbcconf.dll
    Infected! C:\WINDOWS\system32\r2r6lc9s1f.dll
    Infected! C:\WINDOWS\system32\rlutetab.dll
    Infected! C:\WINDOWS\system32\vpa256.dll
    Infected! C:\WINDOWS\system32\wvcltui.dll

    Attempting to delete infected files...


    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded


    .:HiJackThis Log File:.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:38:06 AM, on 2/20/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\AOL\1139600080\ee\aolsoftware.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=
    F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O15 - Trusted Zone: *.crosskirknet.com
    O15 - Trusted Zone: *.dollarrevenue.com
    O15 - Trusted Zone: *.errorsafe.com
    O15 - Trusted Zone: *.filesharingaccess.com
    O15 - Trusted Zone: *.gimmycash.com
    O15 - Trusted Zone: *.gimmysmileys.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.kabum.pl
    O15 - Trusted Zone: *.kazaa-forum.com
    O15 - Trusted Zone: *.media-motor.com
    O15 - Trusted Zone: *.mediatickets.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.traffic-stats.org
    O15 - Trusted Zone: *.winantivirus.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.yoursitebar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.zango.com
    O15 - Trusted Zone: *.zangocash.com
    O15 - Trusted Zone: *.crosskirknet.com (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.errorsafe.com (HKLM)
    O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
    O15 - Trusted Zone: *.gimmycash.com (HKLM)
    O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.kabum.pl (HKLM)
    O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.media-motor.net (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.traffic-stats.org (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.yoursitebar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted Zone: *.zango.com (HKLM)
    O15 - Trusted Zone: *.zangocash.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135371099390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136912575344
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.atomicmods.com//activex/AMC.cab
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe (file missing)
    O23 - Service: Windows Overlay Components - Unknown owner - (no file)
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


     
  4. -kemisti-

    -kemisti- Active member

    Joined:
    Jun 6, 2005
    Messages:
    6,305
    Likes Received:
    0
    Trophy Points:
    96
    Looking good, look2me has been removed :)

    Yes, there is other malware in the system which needs to be removed.

    Fix with HjT (do a system scan only, checkmark these and press fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=
    F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
    O15 - Trusted Zone: *.crosskirknet.com
    O15 - Trusted Zone: *.dollarrevenue.com
    O15 - Trusted Zone: *.errorsafe.com
    O15 - Trusted Zone: *.filesharingaccess.com
    O15 - Trusted Zone: *.gimmycash.com
    O15 - Trusted Zone: *.gimmysmileys.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.kabum.pl
    O15 - Trusted Zone: *.kazaa-forum.com
    O15 - Trusted Zone: *.media-motor.com
    O15 - Trusted Zone: *.mediatickets.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.traffic-stats.org
    O15 - Trusted Zone: *.winantivirus.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.yoursitebar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.zango.com
    O15 - Trusted Zone: *.zangocash.com
    O15 - Trusted Zone: *.crosskirknet.com (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.errorsafe.com (HKLM)
    O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
    O15 - Trusted Zone: *.gimmycash.com (HKLM)
    O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.kabum.pl (HKLM)
    O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.media-motor.net (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.traffic-stats.org (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.yoursitebar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted Zone: *.zango.com (HKLM)
    O15 - Trusted Zone: *.zangocash.com (HKLM)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe (file missing)
    O23 - Service: Windows Overlay Components - Unknown owner - (no file)


    Next, open HijackThis, click open misc tools and then Delete NT service.

    Type these one at a time and click OK:

    Network Monitor
    Windows
    Windows Overlay Components


    Download ewido -> http://www.ewido.net/en/download
    Install and update it, don't scan yet.

    Boot in safe mode (tap F8 while booting).

    Delete, if found:

    c:\secure32.html
    C:\WINDOWS\inet20010
    C:\Program Files\Network Monitor
    C:\WINNT\srvany.exe

    Scan with ewido and save report.

    Reboot normally, send a fresh HjT-log and ewido's report.
     
  5. bluzeon

    bluzeon Member

    Logfile of HijackThis v1.99.1
    Scan saved at 1:45:52 PM, on 2/20/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    C:\Program Files\Common Files\AOL\1139600080\ee\aolsoftware.exe
    c:\program files\common files\aol\1139600080\ee\aim6.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135371099390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136912575344
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.atomicmods.com//activex/AMC.cab
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 1:32:28 PM, 2/20/2006
    + Report-Checksum: D8B44BCD

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\WINDOWS\nhnybpt.exe -> Hijacker.VB.ij : Cleaned with backup
    C:\WINDOWS\nhnybptA.exe -> Hijacker.VB.ij : Cleaned with backup
    C:\WINDOWS\Q29tcGFx\asappsrv.dll -> Adware.CommAd : Cleaned with backup
    C:\WINDOWS\svch6nw.exe -> Downloader.Agent.aef : Cleaned with backup
    C:\WINDOWS\SYSC00.exz -> Trojan.VB.tg : Cleaned with backup
    C:\WINDOWS\system32\1024\ld986.tmp -> Dropper.Small.amb : Cleaned with backup
    C:\WINDOWS\system32\drivers\sysbus32.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.al : Cleaned with backup
    C:\WINDOWS\system32\EsnClass.Dll -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\hp1492.tmp -> Downloader.Zlob.gk : Cleaned with backup
    C:\WINDOWS\system32\hp1E32.tmp -> Downloader.Zlob.gk : Cleaned with backup
    C:\WINDOWS\system32\hpA4AC.tmp -> Downloader.Zlob.gk : Cleaned with backup
    C:\WINDOWS\system32\hpsw.exz -> Adware.Suggestor : Cleaned with backup
    C:\WINDOWS\system32\mnakeeii.exe -> Proxy.Wopla.r : Cleaned with backup
    C:\WINDOWS\system32\PIGFILT.DLL -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\plhjadik.dll -> Proxy.Wopla.s : Cleaned with backup
    C:\WINDOWS\system32\priva.exe -> Downloader.Small.asa : Cleaned with backup
    C:\WINDOWS\system32\SALWAPI.DLL -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\vxh8jkdq1.exe -> Downloader.Small.asa : Cleaned with backup
    C:\WINDOWS\system32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
    C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.cfx : Cleaned with backup
    C:\WINDOWS\system32\whCC-CLICK.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
    C:\WINDOWS\system32\win_my.dll -> Downloader.Agent.aef : Cleaned with backup
    C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
    C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
    C:\WINDOWS\win3207509-133363.exz -> Downloader.VB.tw : Cleaned with backup
    C:\WINNT\Windows.exz -> Not-A-Virus.NetTool.Win32.CalcFolding@Home : Cleaned with backup


    ::Report End
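
One way to check a follow-up HijackThis log against the fix list from the earlier reply, as an added example that is not part of the original posts: it parses entry lines, reports which fix-list entries are gone or still present, and lists entries that are new since the first log. The function names are hypothetical, and the embedded samples are short excerpts of the logs and fix list posted in this thread.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O15 - Trusted Zone: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_entries(text):
    """Return the set of (section, detail) pairs found in a log or fix list."""
    entries = set()
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            # Collapse whitespace and case-fold: forum software reflows lines,
            # and Windows paths and registry names are case-insensitive.
            detail = " ".join(match.group(2).split()).lower()
            entries.add((match.group(1), detail))
    return entries


def verify_fix(fix_list, followup_log):
    """Return (gone, still_present) for the entries named in the fix list."""
    wanted = parse_entries(fix_list)
    present = parse_entries(followup_log)
    return sorted(wanted - present), sorted(wanted & present)


def new_entries(before_log, followup_log):
    """Entries that appear only in the follow-up log (e.g. newly installed tools)."""
    return sorted(parse_entries(followup_log) - parse_entries(before_log))


# Excerpts of the logs and fix list posted in this thread, trimmed for brevity.
BEFORE_LOG = r"""
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: Windows Overlay Components - Unknown owner - (no file)
"""
FIX_LIST = r"""
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O23 - Service: Windows Overlay Components - Unknown owner - (no file)
"""
FOLLOWUP_LOG = r"""
    R3 - Default URLSearchHook is missing
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
"""

if __name__ == "__main__":
    gone, still_present = verify_fix(FIX_LIST, FOLLOWUP_LOG)
    print("removed:", len(gone))
    for section, detail in still_present:
        print("still present:", section, "-", detail)
    for section, detail in new_entries(BEFORE_LOG, FOLLOWUP_LOG):
        print("new since first log:", section, "-", detail)
```

On these excerpts the R3 entry is reported as still present, and the ewido service is the only entry new since the first log.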
     
  6. -kemisti-

    -kemisti- Active member

    Looking very good :)

    Your HjT log is clean. Still having problems?

    I recommend getting an antivirus. You don't seem to have one. And a firewall, too.
     
  7. bluzeon

    bluzeon Member

    Thanks a lot... my main problem was that L2M... which is gone now thanks to you... greatly appreciate it... I do have a firewall and an antivirus prog called Freedom... that's how I was able to stop rundll32.exe from enabling Explorer to make popup ads to sites... I just blocked rundll32.exe from connecting to the internet... but that didn't solve the problem... till I got rid of the L2M virus... Thanks....
     
  8. -kemisti-

    -kemisti- Active member

    Nice to hear and you're welcome :)

    I strongly suggest you update your Windows.
     
  9. bluzeon

    bluzeon Member

    What do you mean, update my Windows? I have Windows XP Pro... but updating it is kinda hard considering for some odd reason the Windows Update service says it's not a genuine version... I dunno why... I bought the comp with Pro already on it... but the case says it had XP Home... although the XP Pro works better with my small network I have here with 2 comps....
     
  10. -kemisti-

    -kemisti- Active member

    Well, you don't have Service Pack 2. Maybe it's not genuine and the store/the one who sold that computer fooled you?
     
  11. bluzeon

    bluzeon Member

    Is there a possible site that may have Service Pack 2 available, considering Windows Update won't let me install it...? This is theoretically speaking, without causing harm... know what I sorta mean... lol
     
  12. -kemisti-

    -kemisti- Active member

    Sorry, I don't get your point :) Try again.
     
  13. Lethal_B

    Lethal_B Moderator Staff Member

    Joined:
    Jul 12, 2005
    Messages:
    4,061
    Likes Received:
    6
    Trophy Points:
    68
    Last edited: Feb 26, 2006
  14. bluzeon

    bluzeon Member

    Is there a direct link or site URL I can go to to download SP2... possibly without using Windows Update...
     
