0

Hello, I am having quite a few problems with my computer. I have read many of the threads in an attempt to find the answers I need, but I have no idea what the exact problem is.

When my computer starts up I get this error message:
RUNDLL
An exception error has occured while trying to run C:WINDOWS\System32\nc4_disp.dll,Dllgetversion

I have run my virus scan, which is Trend-Micro PC-cillin
I have run Lavasoftware Ad-aware
and I have run Trojan Remover

Yesterday my virus scan said I had 183 viruses detected, and I deleted everything on the scan...I'm guessing I shouldn't have done that. I restored my computer to a few days back, but I'm still getting the error message.
When running Trojan Remover, I get a message saying that one of the files is locked and can't be scanned.
I understand you need the log from HijackThis, so I have followed the instructions to do that and here it is:
Logfile of HijackThis v1.99.1
Scan saved at 1:55:12 PM, on 4/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\eSnips\ClientGW.exe
C:\WINDOWS\ms040242201950.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
D:\MDM_UTIL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Maria\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [ms040242201950] C:\WINDOWS\ms040242201950.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [qrrf] C:\Program Files\Common Files\qrrf\qrrfm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZZ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145839782750
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: awvvs - awvvs.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\n02u0af9ed2.dll
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Also, I cannot log in to anything on the internet...anything that requires a password, I cannot get in to...
Thank you very much for your time, anything you can do to help is much appreciated

0

Ok, you're not THAT infected--and we can fix all of it.

Copy this advice to a Notepad file. Save it to your desktop. We will use it later.

Download the Killbox.
Unzip it to the desktop but do NOT run it yet.

Follow by downloading CCleaner, and specifically choosing the most recent version.

Next, follow these steps for configuring CCleaner:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure you're open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

After doing this, follow up by downloading Ewido Security Suite.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display "Update successful"

    -=-=-=-=-=-=-==-==-=-= End here to download but not scan -=-=-=-=-=-=-==-==-=-=

  • Click on Scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

After doing this, restart the computer. Open up HJT and check the following:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [ms040242201950] C:\WINDOWS\ms040242201950.exe
O4 - HKCU\..\Run: [qrrf] C:\Program Files\Common Files\qrrf\qrrfm.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZZ
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_3us.cab
O20 - Winlogon Notify: awvvs - awvvs.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\n02u0af9ed2.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

After doing this, reboot into safe mode (repeatedly hit F8 while first starting up).

While in safe mode, first go and delete these folders:

C:\Program Files\Common Files\qrrf
C:\Program Files\Network Monitor

Then, run Killbox.

Select "Delete on Reboot".

* Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\ms040242201950.exe

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Reboot.

Then, from normal mode, reboot into safe mode again.

Please run Killbox.

1) Select "delete on reboot" and put a check in the "unregister dll" box.

2) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

awvvs.dll
C:\WINDOWS\system32\n02u0af9ed2.dll

3) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

4) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

Let the system reboot.

In normal mode again, rerun a HJT scan and post it here along with the Ewido scan log.

Thanks.
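
Added example (not part of the original posts, and not HijackThis's own code): a small Python parser for the `code - detail` lines of a HijackThis log that lists the autostart entries (O4 Run keys, O20 Winlogon Notify, O23 services) worth a second look. The function names and the three heuristics are assumptions made for illustration; the sample lines are copied from the first log in this thread.

```python
import re

# Sample lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ms040242201950] C:\WINDOWS\ms040242201950.exe
O4 - HKCU\..\Run: [qrrf] C:\Program Files\Common Files\qrrf\qrrfm.exe
O20 - Winlogon Notify: awvvs - awvvs.dll (file missing)
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\n02u0af9ed2.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# A log entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# File-name stem of any .exe/.dll mentioned in the detail text.
STEM_RE = re.compile(r"([^\\/\s\"\[\]]+)\.(?:exe|dll)\b", re.IGNORECASE)
# Sections that describe code started automatically at boot or logon.
AUTOSTART = {"O4", "O20", "O23"}


def parse_entries(log_text):
    """Return (code, detail) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return (code, detail, reasons) for autostart entries that match a heuristic.

    The heuristics are illustrative assumptions, not verdicts:
      * the entry points at a file that no longer exists,
      * a service whose binary carries no vendor string,
      * a file name with three or more digits in its stem, which often
        indicates a generated name rather than a product name.
    """
    findings = []
    for code, detail in entries:
        if code not in AUTOSTART:
            continue
        reasons = []
        if "(file missing)" in detail:
            reasons.append("target file missing")
        if code == "O23" and "Unknown owner" in detail:
            reasons.append("service binary has no vendor string")
        stems = STEM_RE.findall(detail)
        if any(sum(ch.isdigit() for ch in stem) >= 3 for stem in stems):
            reasons.append("generated-looking file name")
        if reasons:
            findings.append((code, detail, reasons))
    return findings


if __name__ == "__main__":
    for code, detail, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(f"{code}: {detail}\n    -> {', '.join(reasons)}")
```

The `qrrf` Run entry is not flagged by any of these heuristics even though it is on the fix list above, so output like this is a starting point for a reviewer who knows the log, not a replacement for one.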

0

Okay, I have done everything you said...The problem I am having is I cannot log in to anything that has a password, it says my browser has rejected the cookies...So I cannot post the scan results. Before, I luckily had signed in to my Yahoo mail and sent it to another email account and did this from another computer. Now I can't sign in to anything. Help...wow, one problem after the next.
Thanks, Miche

0

Hmm well several things.

1) Download Firefox (link in my sig below). It should give ya a little more leeway (NOTE: if it asks ya to transfer settings, say no).

Also, FF is a much safer way of browsing anyways, so I'd keep it after this fix.

Second, if that doesn't work, you could possibly burn the logs to a cd/floppy/memory key and transfer them from computer to computer.

Let us know of your plan of action.

Thanks.

0

Okay so apparently I'm retarded! I had the security set too high...got it now

HJT Results:
Logfile of HijackThis v1.99.1
Scan saved at 8:22:50 PM, on 4/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\eSnips\ClientGW.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Documents and Settings\Maria\Desktop\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145839782750
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DH - C:\WINDOWS\system32\dn2401fqe.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

ewido scan:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:38:43 PM, 4/26/2006
+ Report-Checksum: A29276F9
+ Scan result:
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Adware.SaveNow : Cleaned with backup
HKU\S-1-5-21-256384003-1079039280-2783416824-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup
HKU\S-1-5-21-256384003-1079039280-2783416824-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} -> Adware.Virtumonde : Cleaned with backup
HKU\S-1-5-21-256384003-1079039280-2783416824-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup
[2160] C:\WINDOWS\system32\sumpapi.dll -> Adware.Look2Me : Error during cleaning
[3008] C:\WINDOWS\ms040242201950.exe -> Adware.Enbrow : Cleaned with backup
[1992] C:\WINDOWS\system32\guard.tmp -> Adware.Look2Me : Error during cleaning
C:\Documents and Settings\Bryan\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\IESkins -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\reports.txt -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\HostOI\static -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\HostOL\static -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1384083.sdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\737654.sdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\3236.dat -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11891 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1491 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20970 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27505 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44228 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\44293 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7518 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\7521 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95678 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95704 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\95825 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\3236.dat -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtone.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Bryan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res -> Adware.HotBar : Cleaned with backup
C:\Documents and Settings\Maria\Local Settings\Temp\Cookies\maria@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> Adware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP739\A0134603.exe -> Adware.Enbrow : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP741\A0134873.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP741\A0134914.exe -> Adware.SurfSide : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP741\A0134927.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP741\A0134973.dll -> Adware.HotBar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP741\A0134978.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP741\A0134982.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP741\A0135004.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP741\A0135030.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP741\A0135031.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP742\A0135040.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP742\A0135051.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP742\A0135055.DLL -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0135104.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0135110.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0135122.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136122.dll -> Adware.Look2Me : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\dwjwbpz.ex$ -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\dwjwbpzA.ex$ -> Hijacker.VB.ij : Cleaned with backup
C:\WINDOWS\ms040242201950.exe -> Adware.Enbrow : Cleaned with backup
C:\WINDOWS\SYSTEM32\irpsl5771.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\jkhhh.dll -> Adware.Virtumonde : Cleaned with backup
C:\WINDOWS\SYSTEM32\kyfskabc.dll -> Logger.Small.fg : Cleaned with backup
C:\WINDOWS\SYSTEM32\q4nule591h.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__guard.tmp -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\Cookies\maria@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\maria@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\maria@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\WINDOWS\Temp\Cookies\maria@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\WINDOWS\Temp\Cookies\maria@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\WINDOWS\Temp\Cookies\maria@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\WINDOWS\Temp\Cookies\maria@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup

::Report End

Yeah I feel really dumb...lol
thanks!

0

Arg, stupid me missed the L2Me infection.

Do the following:

Please download Look2Me-Destroyer.exe to your desktop.

Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.

You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
Once it's done scanning, click the Remove L2M button.

You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shut down.

Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Thanks.

0

HJT scan:
Logfile of HijackThis v1.99.1
Scan saved at 10:59:11 PM, on 4/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\eSnips\ClientGW.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Maria\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145839782750
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: DH - C:\WINDOWS\system32\dn2401fqe.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


L2M scan:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 4/26/2006 9:35:45 PM
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136175.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136178.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136179.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136203.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136210.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136214.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136221.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136228.dll
Infected! C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136232.dll
Infected! C:\WINDOWS\SYSTEM32\dn2401fqe.dll
Infected! C:\WINDOWS\SYSTEM32\ktpol7731.dll
Infected! C:\WINDOWS\SYSTEM32\rZsmans.dll
Attempting to delete infected files...
Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136175.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136175.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136178.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136178.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136179.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136179.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136203.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136203.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136210.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136210.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136214.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136214.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136221.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136221.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136228.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136228.dll Deleted successfully!
Attempting to delete: C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136232.dll
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP743\A0136232.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\dn2401fqe.dll
C:\WINDOWS\SYSTEM32\dn2401fqe.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\ktpol7731.dll
C:\WINDOWS\SYSTEM32\ktpol7731.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\rZsmans.dll
C:\WINDOWS\SYSTEM32\rZsmans.dll Deleted successfully!
Making registry repairs.

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CDAD5694-4F28-4DE6-AF94-47B17193F107}"
HKCR\Clsid\{CDAD5694-4F28-4DE6-AF94-47B17193F107}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{D3FE7114-3C5C-48DD-85EF-4F0883860DE6}"
HKCR\Clsid\{D3FE7114-3C5C-48DD-85EF-4F0883860DE6}
Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{DD5C912C-DAC0-4240-AC69-BB2D1A737452}"
HKCR\Clsid\{DD5C912C-DAC0-4240-AC69-BB2D1A737452}
Restoring Windows certificates.
Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

I thank you so much!
Miche

0

Ok good, I like that L2Me fix. However, 1 scan doesn't always remove all the files.

Therefore, run Look2Me-Destroyer once again, following the same directions as before.

After running completely (and rebooting), run SpySweeper again, saving the log.

Then, with HJT, fix the following:

O20 - Winlogon Notify: DH - C:\WINDOWS\system32\dn2401fqe.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\

After fixing, restart the computer and post back here with the L2Me scan, SpySweeper scan, and a new HJT scan.

Thanks.
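The cross-check behind the steps above, as an added example that is not part of the original thread: it reads a Look2Me-Destroyer log and the HijackThis O20 lines, lists flagged files with no deletion confirmation (the reason for a second scan), and lists Winlogon Notify entries whose DLL is gone. The function names, `constructed_leftover.dll` and the `ExampleNotify` entry are assumptions made for illustration; the other sample lines are copied from the logs posted here.

```python
import re

# Lines copied from the logs in this thread, plus two constructed lines
# (constructed_leftover.dll, ExampleNotify) so every branch is exercised.
L2M_LOG = r"""
Infected! C:\WINDOWS\SYSTEM32\dn2401fqe.dll
Infected! C:\WINDOWS\SYSTEM32\ktpol7731.dll
Infected! C:\WINDOWS\SYSTEM32\constructed_leftover.dll
Attempting to delete: C:\WINDOWS\SYSTEM32\dn2401fqe.dll
C:\WINDOWS\SYSTEM32\dn2401fqe.dll Deleted successfully!
Attempting to delete: C:\WINDOWS\SYSTEM32\ktpol7731.dll
C:\WINDOWS\SYSTEM32\ktpol7731.dll Deleted successfully!
"""
HJT_LOG = r"""
O20 - Winlogon Notify: DH - C:\WINDOWS\system32\dn2401fqe.dll (file missing)
O20 - Winlogon Notify: ExampleNotify - C:\WINDOWS\system32\example_notify.dll
"""

O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (.+?) - (.+?)( \(file missing\))?$", re.M)

def norm(path):
    """Windows paths are case-insensitive and the two tools differ in case."""
    return path.strip().lower()

def l2m_results(log):
    """Return (flagged, deleted) path sets from a Look2Me-Destroyer log."""
    flagged = {norm(p) for p in re.findall(r"^Infected! (.+)$", log, re.M)}
    deleted = {norm(p) for p in
               re.findall(r"^(.+) Deleted successfully!$", log, re.M)}
    return flagged, deleted

def winlogon_notify(hjt):
    """Return (name, path, marked_missing) for each HijackThis O20 line."""
    return [(name, norm(path), bool(missing))
            for name, path, missing in O20_RE.findall(hjt)]

def triage(l2m_log, hjt_log):
    flagged, deleted = l2m_results(l2m_log)
    remaining = flagged - deleted          # flagged but never confirmed deleted
    entries = winlogon_notify(hjt_log)
    return {
        "rescan": sorted(remaining),
        # The DLL is gone, so the Notify key is a dead reference to fix in HJT.
        "orphaned_notify": [n for n, p, gone in entries if gone or p in deleted],
        # The DLL is still on disk and still loaded at logon.
        "live_notify": [n for n, p, gone in entries if p in remaining],
    }

if __name__ == "__main__":
    for key, value in triage(L2M_LOG, HJT_LOG).items():
        print(key, value)
```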
