Need Help Removing An Adware Prog That Brings Up Popup Ads

Discussion in 'Windows - Virus and spyware problems' started by bluzeon, Feb 17, 2006.

  1. bluzeon

    bluzeon Member

    I Keep Receiving PopUps... Only when I allow rundll32.exe to connect on my firewall settings... if I disable it from connecting it doesn't bring popups... can you help? I tried the vundofix and it didn't find anything... and I also ran the stinger as well...

    Here Is The Hijack This Log File...

    Logfile of HijackThis v1.99.1
    Scan saved at 9:22:30 AM, on 2/16/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    C:\Program Files\Common Files\AOL\1139600080\ee\aolsoftware.exe
    c:\program files\common files\aol\1139600080\ee\aim6.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=
    F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O15 - Trusted Zone: *.crosskirknet.com
    O15 - Trusted Zone: *.dollarrevenue.com
    O15 - Trusted Zone: *.errorsafe.com
    O15 - Trusted Zone: *.filesharingaccess.com
    O15 - Trusted Zone: *.gimmycash.com
    O15 - Trusted Zone: *.gimmysmileys.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.kabum.pl
    O15 - Trusted Zone: *.kazaa-forum.com
    O15 - Trusted Zone: *.media-motor.com
    O15 - Trusted Zone: *.mediatickets.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.traffic-stats.org
    O15 - Trusted Zone: *.winantivirus.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: *.yoursitebar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.zango.com
    O15 - Trusted Zone: *.zangocash.com
    O15 - Trusted Zone: *.crosskirknet.com (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.errorsafe.com (HKLM)
    O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
    O15 - Trusted Zone: *.gimmycash.com (HKLM)
    O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.kabum.pl (HKLM)
    O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.media-motor.net (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.traffic-stats.org (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.yoursitebar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted Zone: *.zango.com (HKLM)
    O15 - Trusted Zone: *.zangocash.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.atomicmods.com//activex/AMC.cab
    O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\lvn2095oe.dll
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe (file missing)
    O23 - Service: Windows Overlay Components - Unknown owner - (no file)
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
     
  2. -kemisti-

    -kemisti- Active member

    Download Look2Me-Destroyer.exe -> http://www.atribune.org/ccount/click.php?id=7 and save it to your desktop.

    - Close all other windows and programs.
    - Double-click Look2Me-Destroyer.exe
    - Checkmark Run this program as a task.
    - You'll get a message saying: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
    - When Look2Me-Destroyer re-opens, click Scan for L2M. Shortcuts on your desktop will disappear and reappear, that's normal.
    - When the scan is ready, click Remove L2M.
    - When seeing Done Scanning, click OK.
    - When seeing Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
    - Your computer will shut itself down.
    - Restart your computer.
    - Post the contents of C:\Look2Me-Destroyer.txt along with a fresh HijackThis log.

    If your firewall warns about this program, allow all.

    If you get runtime error '339', download MSWINSCK.OCX from link below and place it on to C:\Windows\System32-folder.

    http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

    Try again.
     
    Last edited: Feb 19, 2006
  3. bluzeon

    bluzeon Member

    Thanks A Lot... Are There Perhaps Any Other Adware Or Viruses On My System? I Do Own XoftSpy But That Seems Not to Pick Up Certain Adware, For Example The L2M...

    .:Look2Me Log File:.

    Look2Me-Destroyer V1.0.6

    Scanning for infected files.....
    Scan started at 2/20/2006 1:30:38 AM

    Infected! C:\WINDOWS\system32\kt40l7hm1.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016653.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016662.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016686.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016687.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016739.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016774.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016782.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016807.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016808.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016839.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016847.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016849.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016852.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016903.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016904.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016914.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016922.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016927.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016949.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016954.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016959.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016964.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016973.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016978.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016988.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0017014.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0017041.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP89\A0017270.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP89\A0018583.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0018938.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0019000.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0019028.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019052.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019053.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019074.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP94\A0019092.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP94\A0019104.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019110.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019119.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019128.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019129.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019137.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019156.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP96\A0019159.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP96\A0019170.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019292.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019297.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019350.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019351.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP98\A0019368.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP98\A0019374.dll
    Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP99\A0019383.dll
    Infected! C:\WINDOWS\system32\bgowser.dll
    Infected! C:\WINDOWS\system32\cwfview.dll
    Infected! C:\WINDOWS\system32\dBd8thk.dll
    Infected! C:\WINDOWS\system32\dksynth.dll
    Infected! C:\WINDOWS\system32\dn4q01h5e.dll
    Infected! C:\WINDOWS\system32\exsadu.dll
    Infected! C:\WINDOWS\system32\gltext.dll
    Infected! C:\WINDOWS\system32\gp40l3hm1.dll
    Infected! C:\WINDOWS\system32\j80s0id7e80.dll
    Infected! C:\WINDOWS\system32\kt40l7hm1.dll
    Infected! C:\WINDOWS\system32\kwrberos.dll
    Infected! C:\WINDOWS\system32\m0pola731d.dll
    Infected! C:\WINDOWS\system32\mp3216.dll
    Infected! C:\WINDOWS\system32\mtafd.dll
    Infected! C:\WINDOWS\system32\ozbcconf.dll
    Infected! C:\WINDOWS\system32\r2r6lc9s1f.dll
    Infected! C:\WINDOWS\system32\rlutetab.dll
    Infected! C:\WINDOWS\system32\vpa256.dll
    Infected! C:\WINDOWS\system32\wvcltui.dll

    Attempting to delete infected files...

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrators - Succeeded


    .:HiJackThis Log File:.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:38:06 AM, on 2/20/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\AOL\1139600080\ee\aolsoftware.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=
    F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O15 - Trusted Zone: *.crosskirknet.com
    O15 - Trusted Zone: *.dollarrevenue.com
    O15 - Trusted Zone: *.errorsafe.com
    O15 - Trusted Zone: *.filesharingaccess.com
    O15 - Trusted Zone: *.gimmycash.com
    O15 - Trusted Zone: *.gimmysmileys.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.kabum.pl
    O15 - Trusted Zone: *.kazaa-forum.com
    O15 - Trusted Zone: *.media-motor.com
    O15 - Trusted Zone: *.mediatickets.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.traffic-stats.org
    O15 - Trusted Zone: *.winantivirus.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.yoursitebar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.zango.com
    O15 - Trusted Zone: *.zangocash.com
    O15 - Trusted Zone: *.crosskirknet.com (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.errorsafe.com (HKLM)
    O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
    O15 - Trusted Zone: *.gimmycash.com (HKLM)
    O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.kabum.pl (HKLM)
    O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.media-motor.net (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.traffic-stats.org (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.yoursitebar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted Zone: *.zango.com (HKLM)
    O15 - Trusted Zone: *.zangocash.com (HKLM)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135371099390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136912575344
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.atomicmods.com//activex/AMC.cab
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe (file missing)
    O23 - Service: Windows Overlay Components - Unknown owner - (no file)
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)


     
  4. -kemisti-

    -kemisti- Active member

    Looking good, look2me has been removed :)

    Yes, there is other malware in the system which needs to be removed.

    Fix with HjT (do a system scan only, checkmark these and press fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: Shell=
    F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
    O15 - Trusted Zone: *.crosskirknet.com
    O15 - Trusted Zone: *.dollarrevenue.com
    O15 - Trusted Zone: *.errorsafe.com
    O15 - Trusted Zone: *.filesharingaccess.com
    O15 - Trusted Zone: *.gimmycash.com
    O15 - Trusted Zone: *.gimmysmileys.com
    O15 - Trusted Zone: *.imagesrvr.com
    O15 - Trusted Zone: *.kabum.pl
    O15 - Trusted Zone: *.kazaa-forum.com
    O15 - Trusted Zone: *.media-motor.com
    O15 - Trusted Zone: *.mediatickets.net
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.traffic-stats.org
    O15 - Trusted Zone: *.winantivirus.com
    O15 - Trusted Zone: *.windupdates.com
    O15 - Trusted Zone: *.winfixer.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.yoursitebar.com
    O15 - Trusted Zone: *.ysbweb.com
    O15 - Trusted Zone: *.zango.com
    O15 - Trusted Zone: *.zangocash.com
    O15 - Trusted Zone: *.crosskirknet.com (HKLM)
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    O15 - Trusted Zone: *.errorsafe.com (HKLM)
    O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
    O15 - Trusted Zone: *.gimmycash.com (HKLM)
    O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    O15 - Trusted Zone: *.kabum.pl (HKLM)
    O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    O15 - Trusted Zone: *.media-motor.net (HKLM)
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    O15 - Trusted Zone: *.mt-download.com (HKLM)
    O15 - Trusted Zone: *.traffic-stats.org (HKLM)
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    O15 - Trusted Zone: *.windupdates.com (HKLM)
    O15 - Trusted Zone: *.winfixer.com (HKLM)
    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
    O15 - Trusted Zone: *.yoursitebar.com (HKLM)
    O15 - Trusted Zone: *.ysbweb.com (HKLM)
    O15 - Trusted Zone: *.zango.com (HKLM)
    O15 - Trusted Zone: *.zangocash.com (HKLM)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe (file missing)
    O23 - Service: Windows Overlay Components - Unknown owner - (no file)


    Next, open HijackThis, click open misc tools and then Delete NT service.

    Type these one at a time and click OK:

    Network Monitor
    Windows
    Windows Overlay Components


    Download ewido -> http://www.ewido.net/en/download
    Install and update it, don't scan yet.

    Boot in safe mode (tap F8 while booting)

    Delete, if found:

    c:\secure32.html
    C:\WINDOWS\inet20010
    C:\Program Files\Network Monitor
    C:\WINNT\srvany.exe

    Scan with ewido and save report.

    Reboot normally, send a fresh HjT-log and ewido's report.
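
As an added illustration (not part of the thread, and not HijackThis's own logic), the selections in post 4 can be written as rules over the log's section codes and checked against the follow-up log. The rules, and the `review` verdict for a service path containing a stray quote, are assumptions drawn from which lines the helper did and did not select; the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: a subset of lines copied from the two HijackThis logs in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.winfixer.com (HKLM)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - (no file)
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
"""

# An entry is "<section code> - <text>", e.g. "O23 - Service: ...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

def parse(log):
    """Return (section, text) per entry; header and process-path lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def triage(entries):
    """Return (verdict, section, text, reason) for entries matching the rules."""
    flagged = []
    for sec, text in entries:
        hit = None
        if sec in ("R0", "R1") and re.search(r"= [A-Za-z]:\\", text):
            hit = ("fix", "IE page setting points at a local file")
        elif sec == "R3" and "missing" in text:
            hit = ("fix", "default URLSearchHook is missing")
        elif sec in ("F2", "F3"):
            hit = ("fix", "system.ini/win.ini autostart value")
        elif sec == "O15":
            hit = ("fix", "domain placed in the IE Trusted Zone")
        elif sec == "O23" and re.search(r"\((file missing|no file)\)$", text):
            # Assumption: a stray quote means the command line was mis-parsed,
            # so the binary may exist; send it to manual review instead.
            hit = (("review", "quoted path, binary may exist") if '"' in text
                   else ("fix", "service with no binary on disk"))
        if hit:
            flagged.append((hit[0], sec, text, hit[1]))
    return flagged

def still_present(flagged, after_log):
    """Flagged entries that appear unchanged in the follow-up log."""
    after = set(parse(after_log))
    return [(v, sec, text) for v, sec, text, _ in flagged if (sec, text) in after]

if __name__ == "__main__":
    flags = triage(parse(BEFORE))
    for verdict, sec, text, reason in flags:
        print(f"{verdict:6} {sec:3} {reason}: {text}")
    print("left after cleanup:", [(v, s) for v, s, _ in still_present(flags, AFTER)])
```

On these lines the R3 entry and the WMP54Gv4SVC service are the only flagged items that also appear in the follow-up log.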
     
  5. bluzeon

    bluzeon Member

    Logfile of HijackThis v1.99.1
    Scan saved at 1:45:52 PM, on 2/20/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    C:\Program Files\Common Files\AOL\1139600080\ee\aolsoftware.exe
    c:\program files\common files\aol\1139600080\ee\aim6.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135371099390
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136912575344
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.atomicmods.com//activex/AMC.cab
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
    O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 1:32:28 PM, 2/20/2006
    + Report-Checksum: D8B44BCD

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
    HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
    C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
    C:\WINDOWS\nhnybpt.exe -> Hijacker.VB.ij : Cleaned with backup
    C:\WINDOWS\nhnybptA.exe -> Hijacker.VB.ij : Cleaned with backup
    C:\WINDOWS\Q29tcGFx\asappsrv.dll -> Adware.CommAd : Cleaned with backup
    C:\WINDOWS\svch6nw.exe -> Downloader.Agent.aef : Cleaned with backup
    C:\WINDOWS\SYSC00.exz -> Trojan.VB.tg : Cleaned with backup
    C:\WINDOWS\system32\1024\ld986.tmp -> Dropper.Small.amb : Cleaned with backup
    C:\WINDOWS\system32\drivers\sysbus32.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.al : Cleaned with backup
    C:\WINDOWS\system32\EsnClass.Dll -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\hp1492.tmp -> Downloader.Zlob.gk : Cleaned with backup
    C:\WINDOWS\system32\hp1E32.tmp -> Downloader.Zlob.gk : Cleaned with backup
    C:\WINDOWS\system32\hpA4AC.tmp -> Downloader.Zlob.gk : Cleaned with backup
    C:\WINDOWS\system32\hpsw.exz -> Adware.Suggestor : Cleaned with backup
    C:\WINDOWS\system32\mnakeeii.exe -> Proxy.Wopla.r : Cleaned with backup
    C:\WINDOWS\system32\PIGFILT.DLL -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\plhjadik.dll -> Proxy.Wopla.s : Cleaned with backup
    C:\WINDOWS\system32\priva.exe -> Downloader.Small.asa : Cleaned with backup
    C:\WINDOWS\system32\SALWAPI.DLL -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\vxh8jkdq1.exe -> Downloader.Small.asa : Cleaned with backup
    C:\WINDOWS\system32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
    C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.cfx : Cleaned with backup
    C:\WINDOWS\system32\whCC-CLICK.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
    C:\WINDOWS\system32\win_my.dll -> Downloader.Agent.aef : Cleaned with backup
    C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
    C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
    C:\WINDOWS\win3207509-133363.exz -> Downloader.VB.tw : Cleaned with backup
    C:\WINNT\Windows.exz -> Not-A-Virus.NetTool.Win32.CalcFolding@Home : Cleaned with backup


    ::Report End
     
  6. -kemisti-

    -kemisti- Active member

    Looking very good :)

    Your HjT log is clean. Still having problems?

    I recommend getting an antivirus. You don't seem to have one. And a firewall, too.
     
  7. bluzeon

    bluzeon Member

    Thanks a lot... my main problem was that L2M... which is gone now thanks to you... greatly appreciate it... I do have a firewall and an antivirus prog called Freedom... that's how I was able to stop rundll32.exe from enabling Explorer to make popup ads to sites... I just blocked rundll32.exe from connecting to the internet... but that didn't solve the problem... till I got rid of the L2M virus... Thanks...
     
  8. -kemisti-

    -kemisti- Active member

    Nice to hear and you're welcome :)

    I strongly suggest you update your Windows.
     
  9. bluzeon

    bluzeon Member

    What do you mean, update my Windows? I have Windows XP Pro... but updating it is kinda hard considering for some odd reason the Windows Update service says it's not a genuine version... I dunno why... I bought the comp with Pro already on it... but the case says it had XP Home... although the XP Pro works better with my small network I have here with 2 comps...
     
  10. -kemisti-

    -kemisti- Active member

    Well, you don't have Service Pack 2. Maybe it's not genuine and the store/the one who sold that computer fooled you?
     
  11. bluzeon

    bluzeon Member

    Is there possibly a site that may have Service Pack 2 available, considering Windows Update won't let me install it...? This is speaking theoretically, without causing harm... know what I sorta mean... lol
     
  12. -kemisti-

    -kemisti- Active member

    Sorry, I don't get your point :) Try again.
     
  13. Lethal_B

    Lethal_B Moderator Staff Member

    Joined:
    Jul 12, 2005
    Messages:
    4,061
    Likes Received:
    6
    Trophy Points:
    68
    Last edited: Feb 26, 2006
  14. bluzeon

    bluzeon Member

    Is there a direct link or site URL I can go to to download SP2... possibly without using Windows Update...
     
