Hi and Welcome to TSF
Please update your version of hijackthis.
Before attacking an adware/spyware problem with hijackthis make sure you have already run ad-aware SE with VX2 add-on cleaner, Spybot Search & Destroy (with updated database) and CWShredder as these programs will clean a lot of the crap out first. All links to programs are in my signature. Ok..on to the log…..
If you have a highspeed connection please Run an online virus scan from
TrendMicro Please select the “autoclean” option when prompted to do so.
Download
Winsock2Fix and unzip it. Then double-click on it to run it.
Download and install
CleanUp http://cleanup.stevengould.org/
Download
Hoster http://members.aol.com/toadbee/hoster.zip
Run the
Look2Me uninstaller
http://www.look2me.com/cgi-bin/UnInstaller
Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible also. Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore.
Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click Kill process for each one if they are still listed (they shouldn't be but make sure)
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O4 - HKLM\..\Run: [nsvcin] C:\WINDOWS\system32\n20050308.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\dolsp.dll
Delete the following Files/Folders in
RED (delete folders if no filename is specified or if they are highlighted in RED) according to their directory (If you can't find them...do a search for them…make sure you have search hidden files, folders, sub directorys..ect enabled if it applys to your OS)
C:\WINDOWS\system32\n20050308.exe
C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
c:\windows\system32\dolsp.dll
Now open the hoster.zip file and run the program to reset/restore your hosts file.
Now run the cleanup utility and reboot/logoff when prompted.
Reboot back to normal windows and proceed with the next step..
You have the latest version of VX2 infection. Download
L2mfix from one of these two locations:
http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe
Save the file to your desktop and double click
l2mfix.exe. Click the
Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click
l2mfix.bat and select option #
1 for
Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread. Also post another hijackthis log.
IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!