Need Help Removing An Adware Prog That Brings Up Popup Ads
bluzeon
Newbie
17. February 2006 @ 10:31
I Keep Receiving PopUps...Only when I allow rundll32.exe to connect on my firewall settings...if I disable it from connecting it doesn't bring popups... can you help? I tried the vundofix and it didn't find anything...and I also ran the stinger as well...

Here Is The Hijack This Log File...

Logfile of HijackThis v1.99.1
Scan saved at 9:22:30 AM, on 2/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\Common Files\AOL\1139600080\ee\aolsoftware.exe
c:\program files\common files\aol\1139600080\ee\aim6.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O15 - Trusted Zone: *.crosskirknet.com
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.filesharingaccess.com
O15 - Trusted Zone: *.gimmycash.com
O15 - Trusted Zone: *.gimmysmileys.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.kabum.pl
O15 - Trusted Zone: *.kazaa-forum.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.traffic-stats.org
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.yoursitebar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.zango.com
O15 - Trusted Zone: *.zangocash.com
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.kabum.pl (HKLM)
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.zango.com (HKLM)
O15 - Trusted Zone: *.zangocash.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.atomicmods.com//activex/AMC.cab
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\lvn2095oe.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - (no file)
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
-kemisti-
AfterDawn Addict
19. February 2006 @ 03:43
Download Look2Me-Destroyer.exe -> http://www.atribune.org/ccount/click.php?id=7 and save it to your desktop.
- Close all other windows and programs.
- Double-click Look2Me-Destroyer.exe.
- Checkmark Run this program as a task.
- You'll get a message saying: "Look2Me-Destroyer will close and re-open in approximately 10 seconds". Click OK.
- When Look2Me-Destroyer re-opens, click Scan for L2M. The shortcut on your desktop will disappear and reappear; that's normal.
- When the scan is ready, click Remove L2M.
- When seeing Done Scanning, click OK.
- When seeing Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
- Your computer will shut itself down.
- Restart your computer.
- Post the contents of C:\Look2Me-Destroyer.txt along with a fresh HijackThis log.
If your firewall warns about this program, allow all.

If you get runtime error '339', download MSWINSCK.OCX from the link below and place it in the C:\Windows\System32 folder.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Try again.

This message has been edited since posting. Last time this message was edited on 19. February 2006 @ 03:43

bluzeon
Newbie
19. February 2006 @ 20:42
Thanks A Lot... Are There Perhaps Any Other Adware Or Viruses On My System? I Do Own XoftSpy But That Seems Not to Pick Up Certain Adware For Example The L2M...

.:Look2Me Log File:.

Look2Me-Destroyer V1.0.6

Scanning for infected files.....
Scan started at 2/20/2006 1:30:38 AM

Infected! C:\WINDOWS\system32\kt40l7hm1.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016653.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016662.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016686.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016687.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016739.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016774.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016782.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016807.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016808.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016839.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016847.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016849.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016852.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016903.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016904.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016914.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016922.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016927.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016949.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016954.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016959.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016964.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016973.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016978.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016988.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0017014.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0017041.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP89\A0017270.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP89\A0018583.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0018938.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0019000.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0019028.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019052.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019053.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019074.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP94\A0019092.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP94\A0019104.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019110.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019119.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019128.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019129.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019137.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019156.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP96\A0019159.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP96\A0019170.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019292.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019297.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019350.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019351.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP98\A0019368.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP98\A0019374.dll
Infected! C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP99\A0019383.dll
Infected! C:\WINDOWS\system32\bgowser.dll
Infected! C:\WINDOWS\system32\cwfview.dll
Infected! C:\WINDOWS\system32\dBd8thk.dll
Infected! C:\WINDOWS\system32\dksynth.dll
Infected! C:\WINDOWS\system32\dn4q01h5e.dll
Infected! C:\WINDOWS\system32\exsadu.dll
Infected! C:\WINDOWS\system32\gltext.dll
Infected! C:\WINDOWS\system32\gp40l3hm1.dll
Infected! C:\WINDOWS\system32\j80s0id7e80.dll
Infected! C:\WINDOWS\system32\kt40l7hm1.dll
Infected! C:\WINDOWS\system32\kwrberos.dll
Infected! C:\WINDOWS\system32\m0pola731d.dll
Infected! C:\WINDOWS\system32\mp3216.dll
Infected! C:\WINDOWS\system32\mtafd.dll
Infected! C:\WINDOWS\system32\ozbcconf.dll
Infected! C:\WINDOWS\system32\r2r6lc9s1f.dll
Infected! C:\WINDOWS\system32\rlutetab.dll
Infected! C:\WINDOWS\system32\vpa256.dll
Infected! C:\WINDOWS\system32\wvcltui.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\kt40l7hm1.dll
C:\WINDOWS\system32\kt40l7hm1.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016653.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016653.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016662.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016662.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016686.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016686.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016687.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016687.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016739.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016739.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016774.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016774.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016782.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP86\A0016782.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016807.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016807.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016808.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016808.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016839.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016839.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016847.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016847.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016849.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016849.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016852.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016852.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016903.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016903.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016904.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016904.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016914.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016914.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016922.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016922.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016927.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016927.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016949.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016949.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016954.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016954.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016959.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016959.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016964.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016964.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016973.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016973.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016978.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016978.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016988.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0016988.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0017014.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0017014.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0017041.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP87\A0017041.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP89\A0017270.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP89\A0017270.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP89\A0018583.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP89\A0018583.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0018938.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0018938.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0019000.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0019000.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0019028.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP92\A0019028.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019052.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019052.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019053.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019053.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019074.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP93\A0019074.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP94\A0019092.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP94\A0019092.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP94\A0019104.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP94\A0019104.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019110.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019110.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019119.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019119.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019128.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019128.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019129.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019129.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019137.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019137.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019156.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP95\A0019156.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP96\A0019159.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP96\A0019159.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP96\A0019170.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP96\A0019170.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019292.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019292.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019297.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019297.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019350.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019350.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019351.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP97\A0019351.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP98\A0019368.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP98\A0019368.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP98\A0019374.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP98\A0019374.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP99\A0019383.dll
C:\System Volume Information\_restore{1E6D7BB7-8016-4A9A-AB62-DD59FA474A01}\RP99\A0019383.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\bgowser.dll
C:\WINDOWS\system32\bgowser.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\cwfview.dll
C:\WINDOWS\system32\cwfview.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dBd8thk.dll
C:\WINDOWS\system32\dBd8thk.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dksynth.dll
C:\WINDOWS\system32\dksynth.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\dn4q01h5e.dll
C:\WINDOWS\system32\dn4q01h5e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\exsadu.dll
C:\WINDOWS\system32\exsadu.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gltext.dll
C:\WINDOWS\system32\gltext.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gp40l3hm1.dll
C:\WINDOWS\system32\gp40l3hm1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\j80s0id7e80.dll
C:\WINDOWS\system32\j80s0id7e80.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kt40l7hm1.dll
C:\WINDOWS\system32\kt40l7hm1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\kwrberos.dll
C:\WINDOWS\system32\kwrberos.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\m0pola731d.dll
C:\WINDOWS\system32\m0pola731d.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mp3216.dll
C:\WINDOWS\system32\mp3216.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mtafd.dll
C:\WINDOWS\system32\mtafd.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\ozbcconf.dll
C:\WINDOWS\system32\ozbcconf.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\r2r6lc9s1f.dll
C:\WINDOWS\system32\r2r6lc9s1f.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\rlutetab.dll
C:\WINDOWS\system32\rlutetab.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\vpa256.dll
C:\WINDOWS\system32\vpa256.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\wvcltui.dll
C:\WINDOWS\system32\wvcltui.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Reinstall

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded


.:HiJackThis Log File:.

Logfile of HijackThis v1.99.1
Scan saved at 1:38:06 AM, on 2/20/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\1139600080\ee\aolsoftware.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O15 - Trusted Zone: *.crosskirknet.com
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.filesharingaccess.com
O15 - Trusted Zone: *.gimmycash.com
O15 - Trusted Zone: *.gimmysmileys.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.kabum.pl
O15 - Trusted Zone: *.kazaa-forum.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.traffic-stats.org
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.yoursitebar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.zango.com
O15 - Trusted Zone: *.zangocash.com
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.kabum.pl (HKLM)
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.zango.com (HKLM)
O15 - Trusted Zone: *.zangocash.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.atomicmods.com//activex/AMC.cab
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - (no file)
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
-kemisti-
AfterDawn Addict
19. February 2006 @ 20:57
Looking good, look2me has been removed :)

Yes, there is other malware in the system which needs to be removed.

Fix with HjT (do a system scan only, checkmark these and press fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O15 - Trusted Zone: *.crosskirknet.com
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.filesharingaccess.com
O15 - Trusted Zone: *.gimmycash.com
O15 - Trusted Zone: *.gimmysmileys.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.kabum.pl
O15 - Trusted Zone: *.kazaa-forum.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.traffic-stats.org
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.yoursitebar.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.zango.com
O15 - Trusted Zone: *.zangocash.com
O15 - Trusted Zone: *.crosskirknet.com (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: *.filesharingaccess.com (HKLM)
O15 - Trusted Zone: *.gimmycash.com (HKLM)
O15 - Trusted Zone: *.gimmysmileys.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.kabum.pl (HKLM)
O15 - Trusted Zone: *.kazaa-forum.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.media-motor.net (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.traffic-stats.org (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.yoursitebar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.zango.com (HKLM)
O15 - Trusted Zone: *.zangocash.com (HKLM)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows - Unknown owner - C:\WINNT\srvany.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - (no file)


Next, open HijackThis, click open misc tools and then Delete NT service.

Type these one at a time and click OK:

Network Monitor
Windows
Windows Overlay Components


Download ewido -> http://www.ewido.net/en/download
Install and update it, don't scan yet.

Boot in safe mode (tap F8 while booting)

Delete, if found:

c:\secure32.html
C:\WINDOWS\inet20010
C:\Program Files\Network Monitor
C:\WINNT\srvany.exe

Scan with ewido and save report.

Reboot normally, send a fresh HjT-log and ewido's report.
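
A triage sketch for the entry classes selected in the fix list above, as an added example that is not part of the original post or of HijackThis itself: it parses a log and flags R0/R1 values pointing at local files, F2/F3 entries, O15 Trusted Zone sites and O23 services with no file on disk. The sample is an excerpt of the log posted in this thread; the function names and the "review" rule for the WMP54Gv4SVC line are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
F2 - REG:system.ini: Shell=
F3 - REG:win.ini: run=C:\WINDOWS\inet20010\winlogon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.zango.com (HKLM)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - (no file)
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Split a HijackThis log into running-process paths and (code, text) entries."""
    procs, entries, in_procs = [], [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            procs.append(line.lower())
        else:
            m = ENTRY.match(line)
            if m:
                entries.append(m.groups())
    return procs, entries

def triage(log):
    """Return (verdict, code, text) for entries matching the classes fixed in the thread."""
    procs, entries = parse(log)
    findings = []
    for code, text in entries:
        verdict = None
        if code in ("R0", "R1"):
            # IE page values normally hold URLs; a local drive path stands out.
            if re.match(r"^[a-zA-Z]:\\", text.rpartition(" = ")[2]):
                verdict = "fix"
        elif code in ("F2", "F3", "O15"):
            # system.ini / win.ini load points and Trusted Zone additions.
            verdict = "fix"
        elif code == "O23" and re.search(r"\((file missing|no file)\)$", text):
            path = text.rpartition(" - ")[2].lower()
            # Assumption: when a running process path prefixes the service path,
            # "file missing" comes from the quoted arguments, so only review it.
            verdict = "review" if any(path.startswith(p) for p in procs) else "fix"
        if verdict:
            findings.append((verdict, code, text))
    return findings
```

On the excerpt, `triage(SAMPLE_LOG)` marks seven entries as "fix" and leaves the WMP54Gv4SVC service as "review", which matches its absence from the fix list in the post.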
bluzeon
Newbie
20. February 2006 @ 08:53
Logfile of HijackThis v1.99.1
Scan saved at 1:45:52 PM, on 2/20/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
C:\Program Files\Common Files\AOL\1139600080\ee\aolsoftware.exe
c:\program files\common files\aol\1139600080\ee\aim6.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://adelphia.net/index.php
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Free Ram Optimizer] C:\Program Files\AceLogix\Free Ram Optimizer\fro.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: mIRC.lnk = C:\Program Files\mIRC\mirc.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://webcam.atomicmods.com//activex/AMC.cab
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: WMP54Gv4SVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe (file missing)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:32:28 PM, 2/20/2006
+ Report-Checksum: D8B44BCD

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{39C78B50-7E98-4aa0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX6_0001_N68M2301NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\nhnybpt.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\nhnybptA.exe -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\Q29tcGFx\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\svch6nw.exe -> Downloader.Agent.aef : Cleaned with backup
C:\WINDOWS\SYSC00.exz -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\1024\ld986.tmp -> Dropper.Small.amb : Cleaned with backup
C:\WINDOWS\system32\drivers\sysbus32.sys -> Not-A-Virus.SpamTool.Win32.Mailbot.al : Cleaned with backup
C:\WINDOWS\system32\EsnClass.Dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\hp1492.tmp -> Downloader.Zlob.gk : Cleaned with backup
C:\WINDOWS\system32\hp1E32.tmp -> Downloader.Zlob.gk : Cleaned with backup
C:\WINDOWS\system32\hpA4AC.tmp -> Downloader.Zlob.gk : Cleaned with backup
C:\WINDOWS\system32\hpsw.exz -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\system32\mnakeeii.exe -> Proxy.Wopla.r : Cleaned with backup
C:\WINDOWS\system32\PIGFILT.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\plhjadik.dll -> Proxy.Wopla.s : Cleaned with backup
C:\WINDOWS\system32\priva.exe -> Downloader.Small.asa : Cleaned with backup
C:\WINDOWS\system32\SALWAPI.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq1.exe -> Downloader.Small.asa : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.cfx : Cleaned with backup
C:\WINDOWS\system32\whCC-CLICK.exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\WINDOWS\system32\win_my.dll -> Downloader.Agent.aef : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\win3207509-133363.exz -> Downloader.VB.tw : Cleaned with backup
C:\WINNT\Windows.exz -> Not-A-Virus.NetTool.Win32.CalcFolding@Home : Cleaned with backup


::Report End
-kemisti-
AfterDawn Addict
20. February 2006 @ 20:29
Looking very good :)

Your HjT log is clean. Still having problems?

I recommend getting an antivirus. You don't seem to have one. And a firewall, too.
bluzeon
Newbie
21. February 2006 @ 05:10
Thanks a lot... my main problem was that L2m.... which is gone now thanks to you... greatly appreciate it... I do have a firewall and an antivirus prog called freedom... that's how I was able to stop rundll32.exe from enabling explorer to make popup ads to sites... I just blocked rundll32.exe from connecting to the internet... but that didn't solve the problem... till I got rid of the L2M Virus... Thanks....
-kemisti-
AfterDawn Addict
21. February 2006 @ 07:29
Nice to hear and you're welcome :)

I strongly suggest you update your Windows.
bluzeon
Newbie
22. February 2006 @ 05:03
What do you mean update my Windows? I have Windows XP Pro... but updating it is kinda hard considering for some odd reason the Windows Update service says it's not a genuine version... I dunno why... I bought the comp with Pro already on it.... but the case says it had XP Home... although the XP Pro works better with my small network I have here with 2 comps....
-kemisti-
AfterDawn Addict
22. February 2006 @ 05:32
Well, you don't have Service Pack 2. Maybe it's not genuine and the store/the one who sold that computer fooled you?
bluzeon
Newbie
24. February 2006 @ 02:18
Is there a possible site that may have Service Pack 2 available, considering Windows Update won't let me install it...? This is theoretically speaking, without causing harm.... know what I sorta mean... lol
-kemisti-
AfterDawn Addict
24. February 2006 @ 07:18
Sorry, I don't get your point :) Try again.
Moderator
26. February 2006 @ 01:25
bluzeon

you will have to speak more clearly, so people can understand you..

-kemisti-

He said: is there any website he can download service pack 2 from?

(you can get it here: http://update.microsoft.com/microsoftupdate/v6/muoptdefault.aspx?... )
;-)

This message has been edited since posting. Last time this message was edited on 26. February 2006 @ 01:28

bluzeon
Newbie
27. February 2006 @ 21:22
Is there a direct link or site URL I can go to to download SP2.... possibly without using Windows Update...