surf sidekick 3 and a trojan on OutLook
Greetings Tech Gods.
I am very happy that I have found this site. Here's my story. I just purchased a refurbished laptop. Great system. Windows XP Professional, 256 MB, 1 Gig Pentium III Processor, and a 20 Gig hard drive. Wireless. It's great. Until, I downloaded surf sidekick3, and some type of trojan virus on Outlook unexpectedly.
Can you help me in killing those rat bastards! And making my computer whole again?
If so, I will forever pay homage to the computer gods. (and never pick on my wife for warning NOT to do what I did...LOL.)
Hi and welcome to Daniweb forums.
==
Download HijackThis self-extracting zip version from here. Once downloaded, double click on the file & it will install into its own, permanent folder.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
ok...if i can get through all of the pop ups....LOL
Scan saved at 8:25:10 AM, on 5/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ltmsg.exe
C:\WINDOWS\System32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\command.exe
C:\defender23.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\windows\system32\rk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\uzko\uzkom.exe
C:\Program Files\Spyware & Adware Removal\SAR.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temporary Internet Files\Content.IE5\OLAZ4LYV\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\nxevt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xtkyevu.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwintqez.exe GID003
O4 - HKLM\..\Run: [urcznzfA] C:\WINDOWS\urcznzfA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [w0265f25.dll] RUNDLL32.EXE w0265f25.dll,I2 0011524000265f25
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rk.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uzko] C:\PROGRA~1\COMMON~1\uzko\uzkom.exe
O4 - HKCU\..\Run: [Spyware & Adware Removal] "C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwintqez.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\j4l40e3qeh.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\command.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Please move hijackthis to a permanent folder as advised in my first post. If you had downloaded the self extracting version, it would have self installed into its own permanent folder.
Am checking through your log now.
Please download Brute Force Uninstaller to your desktop. (rightclick on this link and choose save as, if using IE save target as)
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to,
- Click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:)" or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
- Download qoofix.bat (rightclick on this link and choose save as, if using IE save target as)
- Place qoofix.bat in your C:\BFU - folder. (Important!)
- Doubleclick qooFix.bat, Close all browsers and explorer folders.
- Choose option 1 (Qoolfix autofix) and follow the prompts.
- Please be patient, it will take about five minutes.
- Reboot
==
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix by LonnyRJones.
Save it in the same folder you made earlier (c:\BFU)
Please close ALL other open windows & explorer folders, then double-click on sidekickFix.bat
Click YES and follow the prompts, when prompted to restart the PC please do so.
==
Please download the trial version of Ewido anti-malware here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml
Once in Safe Mode, please run Ewido, and do a full scan. During the scan it will prompt you to clean files, click OK.
Save the logfile from the scan. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
Originally Posted by Saber56
error message reads:
C:\WINDOWS\system32\regedit.com is not a valid WIN32 application
Here are the reports from the Ewido scan and the Hijack scan
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 10:17:59 AM, 5/28/2006
+ Report-Checksum: A996D354
+ Scan result:
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer -> Adware.Look2Me : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\ESO -> Adware.WebHancer : Cleaned with backup
HKU\S-1-5-21-1157166300-3604470327-847386435-1004\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1157166300-3604470327-847386435-1004\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1157166300-3604470327-847386435-1004\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1157166300-3604470327-847386435-1004\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-1157166300-3604470327-847386435-1004\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
[624] C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
[748] C:\WINDOWS\system32\sii.dll -> Adware.Look2Me : Error during cleaning
C:\comscore.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@ehg-netquote.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\!update.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\cln1AC.tmp -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\i1D0.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\pre.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\~os26C.tmp\OSMIM.dll -> Adware.RK : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\~os26C.tmp\ossproxy.exe -> Adware.RK : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\~os26C.tmp\rk.bin -> Adware.RK : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Program Files\Common Files\uzko\uzkom.exe -> Downloader.TSUpdate.n : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\Online Services\mehe..exe -> Adware.Agent : Cleaned with backup
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whagent.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whinstaller.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whsurvey.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000990.exe -> Downloader.Small.ajc : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000991.exe -> Downloader.Small.ajc : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000995.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000996.exe -> Downloader.VB.tw : Cleaned with backup
::Report End
Hijack Report:
Logfile of HijackThis v1.99.1
Scan saved at 10:24:52 AM, on 5/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ltmsg.exe
C:\WINDOWS\System32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\defender23.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware & Adware Removal\SAR.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\nxevt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xtkyevu.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwintqez.exe GID003
O4 - HKLM\..\Run: [urcznzfA] C:\WINDOWS\urcznzfA.exe
O4 - HKLM\..\Run: [w0265f25.dll] RUNDLL32.EXE w0265f25.dll,I2 0011524000265f25
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware & Adware Removal] "C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwintqez.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\m0280afued280.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Still getting some funky things and more pop-ups.....
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 10:17:59 AM, 5/28/2006
+ Report-Checksum: A996D354
+ Scan result:
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\!update.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\cln1AC.tmp -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\i1D0.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\pre.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\~os26C.tmp\OSMIM.dll -> Adware.RK : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\~os26C.tmp\ossproxy.exe -> Adware.RK : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\~os26C.tmp\rk.bin -> Adware.RK : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Program Files\Common Files\uzko\uzkom.exe -> Downloader.TSUpdate.n : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\Online Services\mehe..exe -> Adware.Agent : Cleaned with backup
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whagent.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whinstaller.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whsurvey.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000990.exe -> Downloader.Small.ajc : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000991.exe -> Downloader.Small.ajc : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000995.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000996.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000997.exe -> Adware.Enbrow : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000998.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000999.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001000.dll -> Downloader.Small.ctp : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001001.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001004.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001005.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001006.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001007.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001013.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001021.exe -> Downloader.Small.cpu : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001022.exe -> Adware.RK : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001029.exe -> Downloader.Small.cpu : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001030.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001031.exe -> Dropper.Agent.aie : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001034.exe -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001036.exe -> Dropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001037.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001038.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001039.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001040.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001041.dll -> Downloader.Dyfuca : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001046.EXE -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001047.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001048.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001051.exe/whAgent.exe -> Adware.WebHancer : Error during cleaning
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001052.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001056.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001059.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001071.exe -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001073.exe -> Worm.VB.dw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001083.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001084.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001085.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001087.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001088.exe -> Dropper.VB.mz : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001993.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002025.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002027.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002054.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002060.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002066.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002074.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003087.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003106.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003108.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003110.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003124.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003131.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003136.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003140.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003141.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003158.dll -> Downloader.Dyfuca : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003170.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003172.exe -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0003182.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0003229.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0003234.exe -> Downloader.VB.nw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004134.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004142.exe -> Adware.Zestyfind : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004145.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004154.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004157.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004161.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004162.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004180.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004182.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004194.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005206.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005207.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005208.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005209.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005211.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005522.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005523.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005525.exe -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005526.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005530.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005532.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005558.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005563.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005580.exe/clientax.dll -> Adware.180Solutions : Error during cleaning
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005580.exe/clientax.dll -> Adware.180Solutions : Error during cleaning
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005591.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005594.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005599.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005609.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005610.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005611.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005612.exe -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005615.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005616.dll -> Adware.Zango : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005617.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005622.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005642.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005643.exe -> Worm.VB.dw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005644.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005645.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005646.exe -> Dropper.Agent.aie : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005647.exe -> Downloader.Small.ajc : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005650.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005651.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005652.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005653.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005654.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005655.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005656.exe -> Adware.Zestyfind : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005657.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005658.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005661.dll -> Downloader.Small.ctp : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005662.exe -> Adware.Enbrow : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005663.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005664.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005666.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005667.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005669.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005670.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005671.exe -> Dropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005672.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005676.exe -> Trojan.Qoologic : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005677.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005678.dll -> Adware.TargetServer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005679.exe -> Downloader.TSUpdate.p : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005680.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005682.exe -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005683.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005684.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005690.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005691.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005696.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005705.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005709.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005720.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005721.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0006718.dll -> Adware.Look2Me : Cleaned with backup
C:\webnexmk.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\cmcug.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup
C:\WINDOWS\system32\en64l1jq1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\klcom.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rk.bin -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\rk.exe -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\w0265f25.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Error during cleaning
::Report End
Hijack Report:
Logfile of HijackThis v1.99.1
Scan saved at 10:24:52 AM, on 5/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ltmsg.exe
C:\WINDOWS\System32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\defender23.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware & Adware Removal\SAR.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\nxevt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xtkyevu.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwintqez.exe GID003
O4 - HKLM\..\Run: [urcznzfA] C:\WINDOWS\urcznzfA.exe
O4 - HKLM\..\Run: [w0265f25.dll] RUNDLL32.EXE w0265f25.dll,I2 0011524000265f25
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware & Adware Removal] "C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwintqez.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\m0280afued280.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Still getting some funky things and more pop-ups.....