Greetings Tech Gods.

I am very happy that I have found this site. Here's my story. I just purchased a refurbished laptop. Great system. Windows XP Professional, 256 MB, 1 Gig Pentium III Processor, and a 20 Gig hard drive. Wireless. It's great. Until I downloaded surf sidekick3, and some type of trojan virus on outlook unexpectedly.

Can you help me in killing those rat bastards! And making my computer whole again?

If so, I will forever pay homage to the computer gods. (and never pick on my wife for warning NOT to do what I did...LOL.)

Hi and welcome to Daniweb forums :).

==

Download HijackThis self-extracting zip version from here. Once downloaded, double click on the file & it will install into its own, permanent folder.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

ok...if i can get through all of the pop ups....LOL

Logfile of HijackThis v1.99.1
Scan saved at 8:25:10 AM, on 5/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ltmsg.exe
C:\WINDOWS\System32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\command.exe
C:\defender23.exe
C:\WINDOWS\SYSC00.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\webHancer\Programs\whsurvey.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\windows\system32\rk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\uzko\uzkom.exe
C:\Program Files\Spyware & Adware Removal\SAR.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temporary Internet Files\Content.IE5\OLAZ4LYV\hijackthis[1]\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\nxevt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xtkyevu.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwintqez.exe GID003
O4 - HKLM\..\Run: [urcznzfA] C:\WINDOWS\urcznzfA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [w0265f25.dll] RUNDLL32.EXE w0265f25.dll,I2 0011524000265f25
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rk.exe -boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [uzko] C:\PROGRA~1\COMMON~1\uzko\uzkom.exe
O4 - HKCU\..\Run: [Spyware & Adware Removal] "C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwintqez.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\j4l40e3qeh.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\command.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
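
A triage sketch for a log like the one above, added here as an example and not part of the original thread or of HijackThis: it parses the entry lines and lists the autostart points worth a closer look (extra F2 Shell/UserInit values, O4 Run targets in a drive root, O20 DLL load points, O23 services with no owner reported). The function names and the heuristics are assumptions for illustration, and each finding is a lead to review, not a verdict.

```python
import re

# Lines copied unmodified from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\nxevt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xtkyevu.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\j4l40e3qeh.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\command.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A program file sitting directly in a drive root, e.g. C:\\defender23.exe
ROOT_EXE = re.compile(r'^"?[A-Za-z]:\\+[^\\/"]+\.(?:exe|com|bat|scr)\b',
                      re.IGNORECASE)


def parse(log_text):
    """Return (code, body) pairs for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def extra_values(body, key, expected):
    """Values after 'key=' whose file name is not the expected program.

    Simplification: only the file name is compared, so an 'explorer.exe'
    in an unusual directory would not be reported by this check.
    """
    m = re.search(key + r"=(.*)$", body, re.IGNORECASE)
    if not m:
        return []
    values = [v.strip() for v in m.group(1).split(",") if v.strip()]
    return [v for v in values
            if v.replace("\\", "/").rsplit("/", 1)[-1].lower() != expected]


def triage(log_text):
    """Return (code, reason) leads for manual review."""
    findings = []
    for code, body in parse(log_text):
        if code == "F2":
            # Winlogon Shell / UserInit should name only the stock program.
            for key, expected in (("Shell", "explorer.exe"),
                                  ("UserInit", "userinit.exe")):
                for value in extra_values(body, key, expected):
                    findings.append((code, f"{key} also launches {value}"))
        elif code == "O4":
            # Body: HKLM\..\Run: [name] command line
            m = re.search(r"\]\s*(.+)$", body)
            if m and ROOT_EXE.match(m.group(1)):
                findings.append(
                    (code, f"autostart from drive root: {m.group(1)}"))
        elif code == "O20":
            # AppInit_DLLs and Winlogon Notify both make Windows load a DLL
            # into other processes, so every O20 entry is worth reviewing.
            findings.append((code, f"DLL load point: {body}"))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, f"service with no owner reported: {body}"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}")
```
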

Please move hijackthis to a permanent folder as advised in my first post :). If you had downloaded the self extracting version, it would have self installed into its own permanent folder.
Am checking through your log now.

Please download Brute Force Uninstaller to your desktop. (right-click on this link and choose save as, if using IE save target as)

  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and uncheck the "Show Extracted Files" box and then click "Finish".
  • Download qoofix.bat (right-click on this link and choose save as, if using IE save target as)
  • Place qoofix.bat in your C:\BFU folder. (Important!)
  • Double-click qooFix.bat. Close all browsers and explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • Reboot

==

RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download SideKickFix by LonnyRJones.
Save it in the same folder you made earlier (c:\BFU)

Please close ALL other open windows & explorer folders, then double-click on sidekickFix.bat
Click YES and follow the prompts, when prompted to restart the PC please do so.

==

Please download the trial version of Ewido anti-malware here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

Once in Safe Mode, please run Ewido, and do a full scan. During the scan it will prompt you to clean files, click OK.

Save the logfile from the scan. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

error message reads:

C:\WINDOWS\system32\regedit.com is not a valid WIN32 application

From what? Carry out as much of the instructions as possible. I cannot get back to you until tomorrow now as I am off to bed :).

Ok......but it is from attempting to run qoofix option 1

Here are the reports from the Ewido scan and the Hijack scan

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 10:17:59 AM, 5/28/2006
+ Report-Checksum: A996D354
+ Scan result:
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Installer -> Adware.Look2Me : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\ESO -> Adware.WebHancer : Cleaned with backup
HKU\S-1-5-21-1157166300-3604470327-847386435-1004\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1157166300-3604470327-847386435-1004\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1157166300-3604470327-847386435-1004\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1157166300-3604470327-847386435-1004\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-1157166300-3604470327-847386435-1004\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
[624] C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
[748] C:\WINDOWS\system32\sii.dll -> Adware.Look2Me : Error during cleaning
C:\comscore.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@ehg-nestleusainc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@ehg-netquote.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Cookies\hollis c gaynor@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\!update.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\cln1AC.tmp -> Downloader.Dyfuca.ei : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\i1D0.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\pre.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\~os26C.tmp\OSMIM.dll -> Adware.RK : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\~os26C.tmp\ossproxy.exe -> Adware.RK : Cleaned with backup
C:\Documents and Settings\Hollis C Gaynor\Local Settings\Temp\~os26C.tmp\rk.bin -> Adware.RK : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Program Files\Common Files\uzko\uzkom.exe -> Downloader.TSUpdate.n : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\Online Services\mehe..exe -> Adware.Agent : Cleaned with backup
C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : Cleaned with backup
C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whagent.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whinstaller.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\webHancer\Programs\whsurvey.exe -> Adware.WebHancer : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000990.exe -> Downloader.Small.ajc : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000991.exe -> Downloader.Small.ajc : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000995.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000996.exe -> Downloader.VB.tw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000997.exe -> Adware.Enbrow : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000998.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0000999.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001000.dll -> Downloader.Small.ctp : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001001.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001004.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001005.exe -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001006.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001007.dll -> Adware.WebHancer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001013.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001021.exe -> Downloader.Small.cpu : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001022.exe -> Adware.RK : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001029.exe -> Downloader.Small.cpu : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001030.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001031.exe -> Dropper.Agent.aie : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001034.exe -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001036.exe -> Dropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001037.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001038.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001039.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001040.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001041.dll -> Downloader.Dyfuca : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001046.EXE -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001047.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001048.exe -> Downloader.Qoologic.at : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001051.exe/whAgent.exe -> Adware.WebHancer : Error during cleaning
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001052.exe -> Dropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001056.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001059.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001071.exe -> Hijacker.Small : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001073.exe -> Worm.VB.dw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001083.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001084.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001085.dll -> Adware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001087.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001088.exe -> Dropper.VB.mz : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0001993.dll -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002025.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002027.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002054.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002060.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002066.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP1\A0002074.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003087.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003106.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003108.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003110.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003124.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003131.exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003136.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003140.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003141.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003158.dll -> Downloader.Dyfuca : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003170.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP2\A0003172.exe -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0003182.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0003229.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0003234.exe -> Downloader.VB.nw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004134.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004142.exe -> Adware.Zestyfind : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004145.exe -> Adware.AdURL : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004154.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004157.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004161.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004162.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004180.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004182.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0004194.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005206.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005207.exe -> Hijacker.VB.ij : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005208.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005209.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005211.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005522.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005523.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005525.exe -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005526.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005530.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005532.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005558.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005563.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005580.exe/clientax.dll -> Adware.180Solutions : Error during cleaning
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005580.exe/clientax.dll -> Adware.180Solutions : Error during cleaning
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005591.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005594.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005599.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005609.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005610.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005611.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005612.exe -> Adware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005615.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005616.dll -> Adware.Zango : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005617.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005622.exe -> Adware.Agent : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005642.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005643.exe -> Worm.VB.dw : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005644.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005645.exe -> Trojan.VB.tg : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005646.exe -> Dropper.Agent.aie : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005647.exe -> Downloader.Small.ajc : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005650.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005651.exe -> Downloader.Adload.bq : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005652.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005653.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005654.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005655.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005656.exe -> Adware.Zestyfind : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005657.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005658.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005661.dll -> Downloader.Small.ctp : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005662.exe -> Adware.Enbrow : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005663.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005664.exe -> Downloader.Small.buy : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005666.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005667.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005669.exe -> Downloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005670.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005671.exe -> Dropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005672.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005676.exe -> Trojan.Qoologic : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005677.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005678.dll -> Adware.TargetServer : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005679.exe -> Downloader.TSUpdate.p : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005680.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005682.exe -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005683.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005684.exe -> Adware.ZenoSearch : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005690.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005691.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005696.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005705.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005709.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005720.dll -> Adware.Surfside : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0005721.dll -> Adware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{DFD4CD16-AFB5-4994-A4BB-2359B9C396BB}\RP3\A0006718.dll -> Adware.Look2Me : Cleaned with backup
C:\webnexmk.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\asappsrv.dll -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\command.exe -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\cmcug.dat -> Downloader.Qoologic.bj : Cleaned with backup
C:\WINDOWS\system32\dmonwv.dll -> Downloader.Agent.agw : Cleaned with backup
C:\WINDOWS\system32\en64l1jq1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\klcom.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\rk.bin -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\rk.exe -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup
C:\WINDOWS\system32\w0265f25.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINDOWS\WHCC2.exe/whAgent.exe -> Adware.WebHancer : Error during cleaning

::Report End


Hijack Report:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:52 AM, on 5/28/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ltmsg.exe
C:\WINDOWS\System32\tp4serv.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\defender23.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware & Adware Removal\SAR.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\nxevt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xtkyevu.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [defender] C:\\defender23.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\pwintqez.exe GID003
O4 - HKLM\..\Run: [urcznzfA] C:\WINDOWS\urcznzfA.exe
O4 - HKLM\..\Run: [w0265f25.dll] RUNDLL32.EXE w0265f25.dll,I2 0011524000265f25
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Spyware & Adware Removal] "C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwintqez.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O20 - AppInit_DLLs: repairs303169587.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\m0280afued280.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SG9sbGlzIEMgR2F5bm9y\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Still getting some funky things and more pop-ups.....

Please download Look2Me-Destroyer.exe to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message, click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
Your computer will then shut down.
Turn your computer back on.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

==

Not sure what the error is. I will try and find out.

would a system restore help me out?

If you can go back far enough, yes.
