My little brother somehow got Surf Side Kick installed on the computer.
I have been trying to get rid of these for several hours.
I have run Norton and deleted 8 files, and through Ad-Aware I have quarantined and deleted a lot.
After deleting and restarting the first time, the desktop was inactive, and when visiting a website I got a strange error I had never seen before.
I am still getting a lot of advertisements/pop-ups.
Please help
HijackThis log and Ad-Aware quarantine log below
I have also tried http://www.symantec.com/avcenter/venc/d ... ekick.html
Before I used Ad-Aware, Windows Defender always found Surf Side Kick, but now it says no unwanted or harmful software detected.
Kind Regards
Kieran
Logfile of HijackThis v1.99.1
Scan saved at 23:53:18, on 23/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\DOCUME~1\Kieran\APPLIC~1\SKS~1\cmd.exe
C:\WINDOWS\system32\?ppPatch\spool32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Kieran\Desktop\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\RunServices: [Windows Recylinder Check] xyyicxsnjb.exe
O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\System32\E_S21B.tmp"
O4 - HKCU\..\Run: [Cepp] "C:\DOCUME~1\Kieran\APPLIC~1\SKS~1\cmd.exe" -vt yazr
O4 - HKCU\..\Run: [Tvp] C:\WINDOWS\system32\?ppPatch\spool32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .hlq: C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: DigiChatMaster Applet - http://albany.digi-net.com/DigiChat/Dig ... _1_0_1.cab
O16 - DPF: Video Poker - http://download.games.yahoo.com/games/c ... vpt0_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/c ... /xs2_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/c ... /jt0_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/c ... /ct0_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/c ... dtt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/c ... lts0_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/c ... /zs0_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/c ... gst0_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/c ... /ht0_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potb_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/c ... ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/c ... /wt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/public/chat/msnchat41.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 3090166312
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleo ... gleNav.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/Z4/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (YBIOCtrl Class) - http://us.dl1.yimg.com/download.yahoo.c ... io4025.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... owdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC1884E0-FB62-409B-A4A4-1491EC7C7C8D}: NameServer = 212.74.114.129 212.74.112.66
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\g2jolc131f.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
ArchiveData(auto-quarantine- 2006-06-23 23-30-05.bckp)
Referencefile : SE1R112 15.06.2006
======================================================
ADWARE.LOOK2ME
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Process : C:\WINDOWS\system32\jtnu0759e.dll
obj[1]=Process : C:\WINDOWS\system32\vublock.dll
obj[2]=Process : C:\WINDOWS\system32\vublock.dll
obj[71]=Regkey : software\microsoft\windows nt\currentversion\winlogon\notify
obj[72]=RegValue : software\microsoft\windows nt\currentversion\winlogon\notify "DllName"
obj[73]=RegValue : software\microsoft\windows nt\currentversion\winlogon\notify "Impersonate"
obj[74]=RegValue : software\microsoft\windows nt\currentversion\winlogon\notify "Logon"
obj[75]=RegValue : software\microsoft\windows nt\currentversion\winlogon\notify "Logoff"
obj[76]=RegValue : software\microsoft\windows nt\currentversion\winlogon\notify "Shutdown"
ADWARE.DOLLARREVENUE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[77]=Regkey : software\microsoft\drsmartload2
obj[89]=File : C:\Documents and Settings\Kieran\Local Settings\Temporary Internet Files\Content.IE5\4N1ZQURX\keyboard25[1].exe
obj[92]=File : C:\Documents and Settings\Kieran\Local Settings\Temporary Internet Files\Content.IE5\GHIJKHMN\newname25[1].exe
obj[107]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030781.exe
obj[109]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030783.exe
COOLWEBSEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[78]=Regkey : software\microsoft\windows\currentversion\internet settings\zonemap\domains\i--search.com
obj[79]=Regkey : software\microsoft\downloadmanager
obj[80]=Regkey : software\microsoft\internet explorer\urlsearchhooks
obj[81]=RegValue : software\microsoft\internet explorer\main "Enable Browser Extensions"
obj[82]=RegValue : software\microsoft\internet explorer\main "Search Bar"
obj[83]=RegValue : software\microsoft\internet explorer\new windows "PopupMgr"
obj[84]=RegData : software\microsoft\internet explorer\main "Use Search Asst"
obj[91]=File : C:\Documents and Settings\Kieran\Local Settings\Temporary Internet Files\Content.IE5\8FT7EIVD\Installer[1].exe
obj[116]=File : C:\warebundle.exe
obj[124]=File : C:\WINDOWS\warebundle.exe
WIN32.TROJANCLICKER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[85]=RegData : software\microsoft\windows nt\currentversion\winlogon "Userinit"
obj[100]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030769.dll
obj[120]=File : C:\WINDOWS\system32\atmtd.dll._
CMDSERVICES
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[86]=File : C:\Documents and Settings\Kieran\Local Settings\Temp\cmdinst.exe
obj[88]=File : C:\Documents and Settings\Kieran\Local Settings\Temporary Internet Files\Content.IE5\4D8XQ7SP\installer[1].exe
obj[93]=File : C:\Documents and Settings\Kieran\Local Settings\Temporary Internet Files\Content.IE5\QH9IV2T0\MTE3NDI6ODoxNg[1].exe
obj[108]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030782.exe
obj[118]=File : C:\WINDOWS\MTE3NDI6ODoxNg.exe
obj[119]=File : C:\WINDOWS\S2llcmFu\command.exe
TARGETSAVER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[87]=File : C:\Documents and Settings\Kieran\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe
SURFSIDEKICKBHO
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[90]=File : C:\Documents and Settings\Kieran\Local Settings\Temporary Internet Files\Content.IE5\4N1ZQURX\SS1001[1].exe
obj[98]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030765.exe
WEBHANCER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[94]=File : C:\Documents and Settings\Kieran\Local Settings\Temporary Internet Files\Content.IE5\SLMRKHI3\WHCC2[1].exe
obj[101]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030772.exe
obj[102]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030773.exe
obj[103]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030774.exe
obj[104]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030775.dll
obj[105]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030776.dll
obj[117]=File : C:\WHCC2.exe
WIN32.TROJAN.DOWNLOADER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[95]=File : C:\Program Files\Movie Maker\wmm2ae.exe
obj[96]=File : C:\stub_113_4_0_4_0.exe
obj[97]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP333\A0030760.exe
obj[106]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030777.exe
obj[125]=File : \drsmartload422a.exe
obj[126]=File : \drsmartload45b.exe
obj[127]=File : \drsmartload46c.exe
obj[128]=File : \drsmartload849b.exe
obj[129]=File : C:\WINDOWS\drsmartload2.dat
obj[130]=File : c:\windows\system32\guard.tmp
VX2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[99]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030767.dll
obj[114]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030790.dll
obj[121]=File : C:\WINDOWS\system32\cumpobj.dll
obj[122]=File : C:\WINDOWS\system32\cwl3dv2.dll
obj[123]=File : C:\WINDOWS\system32\k8no0i53e8.dll
ADWARE.YAZZLE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[110]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030784.exe
obj[111]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030785.exe
obj[115]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP341\A0031915.exe
ISEARCH TOOLBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[112]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030788.dll
WIN32.TROJAN.DNSCHANGER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[113]=File : C:\System Volume Information\_restore{8AA3F290-B0DF-45AF-B5BA-E37EC51D29AF}\RP334\A0030789.exe
OTHER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[131]=File : C:\WINDOWS\prefetch\CMDINST.EXE-0D1DC9EE.pf
obj[132]=File : C:\WINDOWS\prefetch\WMM2AE.EXE-322F3994.pf
obj[133]=File : C:\WINDOWS\prefetch\STUB_113_4_0_4_0.EXE-32891155.pf
obj[134]=File : C:\WINDOWS\prefetch\WAREBUNDLE.EXE-0DB3117A.pf
obj[135]=File : C:\WINDOWS\prefetch\WAREBUNDLE.EXE-30CC14A8.pf
obj[136]=File : C:\WINDOWS\prefetch\WHCC2.EXE-29C4F9E2.pf
obj[137]=File : C:\WINDOWS\prefetch\MTE3NDI6ODOXNG.EXE-0C5660D8.pf
obj[138]=File : C:\WINDOWS\prefetch\MTE3NDI6ODOXNG.EXE-34CC5A1F.pf
obj[139]=File : C:\WINDOWS\prefetch\COMMAND.EXE-0666F74A.pf
obj[140]=File : C:\WINDOWS\prefetch\DRSMARTLOAD422A.EXE-150F14B3.pf
obj[141]=File : C:\WINDOWS\prefetch\DRSMARTLOAD45B.EXE-0E9D1982.pf
obj[142]=File : C:\WINDOWS\prefetch\DRSMARTLOAD46C.EXE-3478E67A.pf
obj[143]=File : C:\WINDOWS\prefetch\DRSMARTLOAD849B.EXE-336CFA8C.pf