Ant200thelink
-
Content Count
8 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by Ant200thelink
-
-
Such of the pop ups are gone, but I'm still running slow
HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 7:09:27 PM, on 3/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ewido log
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:04:52 PM, 3/15/2006
+ Report-Checksum: 879F420
+ Scan result:
C:\Documents and Settings\Jay\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\01234567\rdgUS2397[1].exe -> Downloader.Small.ayl : Cleaned with backup
C:\ezStub.exe -> Adware.EZula : Cleaned with backup
C:\installer\id53.exe -> Trojan.SecondThought.g : Cleaned with backup
C:\mfcky.exe.bad -> Downloader.Agent.bq : Cleaned with backup
C:\Overpro323.exe -> Downloader.Agent.ac : Cleaned with backup
C:\Program Files\Aprps -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_23-07-2005.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_24-07-2005.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_25-07-2005.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_26-07-2005.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_27-07-2005.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_28-07-2005.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\AI_29-07-2005.log -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\atl.dll -> Adware.Apropos : Cleaned with backup
C:\Program Files\Aprps\data.bin -> Adware.Apropos : Cleaned with backup
C:\Program Files\backups\backup-20050730-034100-204.dll -> Adware.Wintol : Cleaned with backup
C:\Program Files\backups\backup-20050730-051329-809.dll -> Adware.Wintol : Cleaned with backup
C:\Program Files\ClockSync -> Adware.WhenU : Cleaned with backup
C:\Program Files\ClockSync\Sync.exe_tobedeleted -> Adware.WhenU : Cleaned with backup
C:\Program Files\Common Files\lucttomq\lntnomufao\dammrralu.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\lucttomq\noonmqrb\ucmorqcc.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Temp -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Temp\dump.txt -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\EbatesMoeMoneyMaker\System\Temp\run.txt -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\Internet Explorer\fpbpdsfr.exe -> Downloader.Delf.aeu : Cleaned with backup
C:\Program Files\Internet Explorer\rptjvomh.exe -> Downloader.Delf.aeu : Cleaned with backup
C:\Program Files\Internet Explorer\ryoa.exe -> Downloader.Delf.aeu : Cleaned with backup
C:\Program Files\Internet Explorer\xbpshbcz.exe -> Trojan.Small.ev : Cleaned with backup
C:\Program Files\Kazaa\TopSearch.dll -> Adware.Altnet : Cleaned with backup
C:\Program Files\MaxSpeed -> Adware.SideFind : Cleaned with backup
C:\Program Files\MemoryWatcher -> Adware.MemoryWatcher : Cleaned with backup
C:\Program Files\Preview AdService -> Adware.WinTaskAd : Cleaned with backup
C:\Program Files\Preview AdService\Info.txt -> Adware.WinTaskAd : Cleaned with backup
C:\Program Files\SEP -> Adware.SideFind : Cleaned with backup
C:\Program Files\SEP\Uninst.exe -> Adware.SideFind : Cleaned with backup
C:\Program Files\STC\60odhr0b.exe -> Dropper.Small.sc : Cleaned with backup
C:\Program Files\STC\slmss.exe -> Trojan.SecondThought.a : Cleaned with backup
C:\Program Files\WebSavingsfromEbates -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\merchants.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\systemdata.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\systemdata1.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\tt -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\tt\data_ebws400.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\tt\data_excludes_ebws400.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\ApplicationData\updates.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\Applications -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\Applications\cmpck.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\Applications\mercj400.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\Applications\psid410.dls -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\Code -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\Html -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\Images -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\MTemp -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\MTemp\logfile.txt -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\System -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\Temp -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\System\Temp\dump.txt -> Adware.MoneyMaker : Cleaned with backup
C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates1.exe -> Adware.MoneyMaker : Cleaned with backup
C:\SaveInstCsSm.exe/Save.exe -> Adware.SaveNow : Error during cleaning
C:\SaveInstCsSm.exe/SaveUninst.exe -> Adware.SaveNow : Error during cleaning
C:\SaveInstCsSm.exe/Save.exe -> Adware.SaveNow : Error during cleaning
C:\SaveInstCsSm.exe/SaveUninst.exe -> Adware.SaveNow : Error during cleaning
C:\SaveInstCsSm.exe/Search.exe -> Adware.SaveNow : Error during cleaning
C:\SaveInstCsSm.exe/Search.exe -> Adware.SaveNow : Error during cleaning
C:\SaveInstCsSm.exe/DnldStub.exe -> Downloader.Small.kl : Error during cleaning
C:\SaveInstCsSm.exe/DnldStub.exe -> Downloader.Small.kl : Error during cleaning
C:\WINDOWS\bx23moc5.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\243461__.exe517 -> Trojan.Dialer.it : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\243461__.exe663 -> Trojan.Dialer.it : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\243461__.exe772 -> Trojan.Dialer.it : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS2397.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\rdgUS2397.exe -> Downloader.Small.ayl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_NI530211NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.f : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\v3.dll -> Adware.EliteBar : Cleaned with backup
C:\WINDOWS\loadclean.exe -> Downloader.Delf.aeu : Cleaned with backup
C:\WINDOWS\loadnew.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINDOWS\mtog7gub.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINDOWS\n5c24abt.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINDOWS\oug007mo.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINDOWS\p6hddt7z.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINDOWS\rhfgi8yk.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_0_0_105300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_0_0_106800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_0_0_107400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_1_0_449200.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_1_0_449200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_1_0_449600.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_1_0_449600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_1_0_454300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_1_0_454300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_2_0_105300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_2_0_106800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_2_0_107400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_3_0_105300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_3_0_106800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_3_0_107400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_4_0_111600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_4_0_152400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_4_0_155300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_329_4_0_164100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\b2search.exe -> Adware.EZula : Cleaned with backup
C:\WINDOWS\system32\cmd32.exe -> Downloader.Delf.aeu : Cleaned with backup
C:\WINDOWS\system32\nsfCA.dll -> Adware.Beginto : Cleaned with backup
C:\WINDOWS\system32\nsrE2.dll -> Adware.Beginto : Cleaned with backup
C:\WINDOWS\system32\nstBE.dll -> Adware.Beginto : Cleaned with backup
C:\WINDOWS\system32\nsv15C.dll -> Adware.EZula : Cleaned with backup
C:\WINDOWS\system32\nswC4.dll -> Adware.Beginto : Cleaned with backup
C:\WINDOWS\system32\scmt16.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINDOWS\vy1q0ruo.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINDOWS\y1c7533v.exe -> Downloader.Small.ckj : Cleaned with backup
C:\WINNT\96wu19rd.exe -> Dropper.Small.sc : Cleaned with backup
C:\WINNT\Admsarvw.gef\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Adoafkzen.ljm\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Afewywadqgr.ket\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Afwdque.pko\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ageosypdvro.mej\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Agocctpcozf.fsk\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Akedzdlye.pox\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Aknftre.ebt\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Alchvpfo.ufu\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Amvmknqrd.fun\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ancxvibyim.xse\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Apnmljrfxm.izb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Arnnapfa.zmj\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Aspabrry.oxv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Atfuhuaiwb.udh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Atmiijaiop.hrw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Aynnadtohls.dew\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ayyskoird.vbq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Azbuaxuc.arb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Azzkbeubc.vzx\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Baoaezix.lol\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Bbcpvyolz.sxi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Bddkjlme.btj\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Bhzxrolozxk.tfx\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Bipufqm.xdf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Bjmizhtmz.cra\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Bjnzvyhmts.jru\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Bptsxrgtxya.gqc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Brezanq.loq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Btzkrigk.njg\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Bvyeasykj.sur\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Bxiwjcqyv.yvv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Carzajchuqh.rkh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cevhztesub.kxf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cfuwlqf.gle\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cfvpkssnxog.baw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ciejkkg.oag\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cmttxrncg.ycv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cnyaqdqidd.xda\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cpozxrba.jyy\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cqjstslmul.jsr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cqobwkljv.avw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cqtncacuo.beh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Crdrvtorz.eto\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cssazyqymno.ajp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cuizpmd.ird\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cyjmvzl.xmv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Cyycrww.ekb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Dcxwgzolore.qqq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Djlnhdmx.uma\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Dnfdqwdo.ofa\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Downloaded Program Files\BridgeX.dll -> Downloader.Briss.a : Cleaned with backup
C:\WINNT\Downloaded Program Files\clientax.dll -> Adware.180Solutions : Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.1\m67m.ocx -> Adware.MediaMotor : Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.1\YSBactivex.dll -> Downloader.IstBar.fa : Cleaned with backup
C:\WINNT\Downloaded Program Files\CONFLICT.2\m67m.ocx -> Adware.MediaMotor : Cleaned with backup
C:\WINNT\Downloaded Program Files\loader2.ocx -> Downloader.Agent.ex : Cleaned with backup
C:\WINNT\Downloaded Program Files\m67m.ocx -> Adware.MediaMotor : Cleaned with backup
C:\WINNT\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup
C:\WINNT\Dpwdveeiwxv.ndy\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Dryteppndhe.mva\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Dxdnvwrqyzo.nvi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ecnpkob.ngl\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Edpfaaxvq.css\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Eemoeggpirp.cbb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Eeqeinrrqqu.unb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Egiagqlwwj.ozi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Egoencszf.vis\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Eihvkbx.hao\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ennjzssn.njo\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Epgwfxy.jat\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Etlnznltlwn.ytl\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Evrejrjqsq.ipu\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ewswtbx.gnw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Eyxqdcrot.wbf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ffgkzsopa.nww\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fgjskwhxa.bbe\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fgzybvcz.sdo\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fhcszbgspbs.wxf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fhojjonqsz.mxo\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fiqpicpbpjo.foe\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fjtzeujpf.its\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fmeztppwmob.ite\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fngwgixz.wjc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fqzxkvy.lew\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Frgkorovnw.sxd\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fryhjeenbvq.nan\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fsjozed.bvt\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fuplyzy.ipd\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fvomybbjim.eko\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Fytufyedbx.kda\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Gcikgota.irr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Geeihpw.yep\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ghlpmylmxwn.ghd\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Gkkdasxxbku.xam\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Glclhyxrq.kbz\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Glsdedyouo.hnd\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Glyxzgjnur.ybp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Gnexxzpk.edo\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Gonyhqyqeb.rnj\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Gptsdxy.dht\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Grctskv.ydz\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Gudinifmje.oam\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Gvqbqot.iev\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hazdzyygc.tsb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hfyihymc.hql\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hjbblig.pzb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hkihacloxvq.zyt\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hlqgqqrqfa.jgl\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hnvybif.vut\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hoipkoad.ckm\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hrsscxql.imr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hsiqrvugbm.cug\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Huhdbtqxhxn.hxz\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hujzkptz.ret\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hvsrztunhf.vxw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hwbnhxmwkwr.jxr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Hzeozlty.eiq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ibnltqfglgk.cwi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Iezmtjbcw.eel\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ignwyseyptk.eid\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ijeykdjxi.fnm\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ilorggvjbng.ybb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ilwlgat.kcf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Innnlbm.dum\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ipbzrqihslu.qmt\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\iplg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\Ipvpmxu.mcw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Iqguyebz.qbe\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\javahg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\Jivecup.gea\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Jkchwgnva.lvs\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Jlmcpjbmnhf.tkd\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Jlrwdoscrq.liv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Jminplen.dad\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Jmitmwphcn.vvm\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Jpuwvkq.wnp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Jwqmseiknqw.mbv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kcginne.lzo\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kctdjeo.mjn\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kejugib.rjb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kfujalkcz.gtk\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kgwhjdvi.ogr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Khpfjcjbtt.xtw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kmpkbhullm.lty\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kmrbtzsox.ilw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Koophsnuykk.alq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Krgahgd.kxp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Krkbkwmzhxd.uqi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kwnzdbnph.ltq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kxlscgllqu.gqy\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kyyrlsugl.qmn\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Kzempujz.avq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lacgatrnv.gig\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\launchurl.exe -> Trojan.Zapchast : Cleaned with backup
C:\WINNT\Lcblneylfs.mhe\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lhsxdordwl.guv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lijardn.mkj\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ljhhlvd.tte\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lknqwpm.lad\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lmvkdfxmwp.psq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lpdcaohtj.cpf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lpdyiwzh.pln\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lrbyhtlths.osu\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lrzkbxdh.szg\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lsutmzw.vyg\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lweskdckvhv.psr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lwsrpwb.kfr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lxxueohujs.gzf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Lzernjbsk.mnv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\MediaMotor25.exe -> Downloader.Small.aak : Cleaned with backup
C:\WINNT\Mesrgtoal.ahx\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Mhfzuhpis.xrn\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\minigolf_affiliate.exe -> Downloader.Agent.f : Cleaned with backup
C:\WINNT\MM32.exe -> Downloader.Small.aak : Cleaned with backup
C:\WINNT\Mopfhkjssgq.aky\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Mqrqsryr.dll -> Adware.SearchBand : Cleaned with backup
C:\WINNT\Mugiksoue.wit\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Mvmxcljthu.wnh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Mxyeinp.xfg\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nahcgxp.jvk\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nbfdzxnn.cmg\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nbpofigyh.htl\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ndayytutrf.udi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nicstmmypl.chg\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nkhiksutcqi.zbh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nlbiwrcz.ytn\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nmohrhqrta.xid\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nnmihgb.pfa\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Novlopqmjn.wzh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Npscpxd.tgo\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nupogippo.xhr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nyejmogbejy.dwv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Nyumijau.zgc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Obrbqiq.rsi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ochzsttva.swv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ocwmuigi.foc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Odthvey.gyh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Oecvqsywyw.tzk\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ofvenhvwz.bss\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Okpfmsnmj.iij\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Omtjcyi.tll\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Onowulbesya.pyw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Onuhuan.nld\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Onwzubgysp.qoc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Oofhvts.pwu\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Owgcndubot.hob\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ozmlahdta.ypq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Oztrcfgxq.ton\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Pajpqnm.nfh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Payfeqveitg.bek\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Pcmprzm.ffr:xmmps -> Downloader.Agent.bc : Cleaned with backup
C:\WINNT\Pdchptza.ish\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Phpqifibxe.ekc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Phqcsyt.lda\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Pivfjhevkif.wcu\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Poivdscbxpc.rov\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Pqivdwvtsa.oih\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Pqqbgveo.cxk\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Prebuth.omf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\prelimhanse.exe -> Adware.WebHancer : Cleaned with backup
C:\WINNT\Putdrwm.ygu\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Pwodflaxn.wny\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Pwvzedpf.bbd\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Pwxzaohpmp.pur\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Pxbpumne.qnf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Pzuvdbxbt.unl\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qbmfekkacfu.jcq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qerkoayqzcq.rhp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qhtrdes.eqc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qmjoyyxnmd.mvg\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qodqcmt.jqp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qogjwoygv.qql\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qpbkihun.vvx\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qscmyzq.nhp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qvviaakzw.rlz\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qwdvvtjc.hfk\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qymqsevde.khn\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qyotbco.ulw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qzesxnikfsz.tvq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Qzvjxjkyefx.psq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Rbygvzkkyt.ctw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Rceneuad.cka\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Rdbadpouiag.wkb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Reawelm.hky\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Rfoolbwpyj.zui\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Rfovojdm.sep\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Rirfehbcon.ply\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Rjwpvwljzw.vrf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Rlwjbjtvtg.wgt\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Roxtmhsy.mnd\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Rwoqdutwbg.zhv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\sahagent-fellymedia1002.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Satymomahc.kri\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Sbeqynkkrg.skq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Sdrzlslcda.jfc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Sfiewxa.acc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Smhtwbr.sty\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Sqxfyhlffw.ldt\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Srcpcpr.vwt\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Sulvoncev.qkk\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Suujhwopx.gzp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\system32\2ndsrch.dll -> Trojan.SecondThought.ag : Cleaned with backup
C:\WINNT\system32\apuc.dll -> Adware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\install2.exe -> Trojan.SecondThought.l : Cleaned with backup
C:\WINNT\system32\lcinstaller.exe -> Adware.WinAD : Cleaned with backup
C:\WINNT\system32\msjq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\system32\netuk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINNT\Szcljnsuxu.pmh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Tbatzvyim.oxn\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Tqawjchmp.ryb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Tsrvopg.kty\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Tteqqdra.nur\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ttjslncu.evj\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Tudrbacm.tec\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Twynqhs.ubj\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Uavjdgj.snb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ubvurrndy.mly\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ucharelc.atp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Udktrnv.wis\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Uhlyetbfw.uqb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Uhoqqmgig.ytt\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Uhvwyvi.nza\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ulyqnsd.fed\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\UnstSA2.exe -> Dropper.Delf.z : Cleaned with backup
C:\WINNT\Unswyezsx.uzf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Upxsdkq.bpi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Urdupxrjc.rvh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Usemebfk.erg\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Usjqvayjc.mps\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Utnegjd.ari\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Uxqkoway.dwg\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Uzmoupilekh.cvo\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vbkhyjzq.rxy\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vduyvivm.oxc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vdwunwginpe.tvi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vdzbxbdofnb.igm\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Viuvmweyo.gcd\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vjisaaon.xll\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vlocmtve.opx\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vozobkm.nuk\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vpkwcqqjaus.xdl\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vqcrrhsrvgz.eji\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vqegqea.qll\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vqrshtzdo.kab\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vrbixmlapb.kyq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vyucbltk.vpa\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Vzjpyowufn.pcd\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Waznbxgvt.qxs\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Wficzqbdemp.iur\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Wgtnoytfiwp.qyw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Whrbxstk.kwo\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\WildApp.dll -> Adware.MediaTickets : Cleaned with backup
C:\WINNT\winhy32.dll -> Downloader.Agent.bc : Cleaned with backup
C:\WINNT\Wiozeit.jba\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Wjspxfvjyz.xnm\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Wllqebu.isx\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Wlucecppyh.yhq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Wtcpwboe.qhz\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Wtlnythormd.fni\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Wuodpceerzu.biq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Wwwijooiv.ndi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Wywkbhsjg.kbj\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xcohcehbjda.miw\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xdruteelj.gwu\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xenzqjrsq.edy\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xhqzpgrvysp.pya\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xiawoxe.luu\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xneqkhwhr.bts\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xnngcyqxon.ylz\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xoqskxnhwj.gjx\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xrlnszz.nze\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xryoehjue.ozm\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xuzkchr.kzr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xveswjggfc.xwd\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xxmmsxwkgs.mkz\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xxsnnhejtvu.qen\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xxwfkcryvtg.jfc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Xygrgaej.smp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yaoevfhfrgq.ftb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ycyoyest.jcx\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yczxzax.zac\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yezbhoqnh.anu\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yghkzozbpwz.zae\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yhbavivnpxg.iwi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yigyjbwv.ebj\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yiqldfdvfn.hyc\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ymumpcxyw.pfr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ymwfqgwxga.bqk\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Ystnuogpphc.qsv\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yujuqkcew.him\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yulssbui.hlt\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yuuffdedsv.krr\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yvcpdkb.sbq\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yxinamuwfr.pwy\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yxzstknl.osp\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yykqvyjohqn.bhf\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Yzcrzdouo.ywe\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zbrggrc.qoi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zgdgxiepeyn.axx\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zhyusonjlmi.ufl\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zijazam.grh\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zirlbvtml.xgb\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zoakjuv.ddi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zokwkha.bmm\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zopipplx.zot\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zuzseebcm.obz\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zvfqxqpke.pmj\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zwfafwvu.fms\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zwzspveirql.hkg\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zxcdhpgecff.uvi\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\Zxkgmtoto.ijl\sah.exe -> Adware.Sahat : Cleaned with backup
C:\WINNT\_default.pif:bmfff -> Downloader.Agent.bq : Cleaned with backup
C:\WINNT\_default.pif:uiojq -> Downloader.Agent.bc : Cleaned with backup
::Report End
-
because of the infections my computer is running very slow
is there a way I can clean up some of of these viruses so I can download the upgrade
-
I think I did it right, so here it is...
Logfile of HijackThis v1.99.1
Scan saved at 6:45:31 PM, on 3/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\cmd32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
everytime I try to use the task Manager it say it was disabled by the Admin. so I turn it back on, then the next time I log on it is turn off again
Please help me with this, amoung other things
Logfile of HijackThis v1.99.1
Scan saved at 4:43:11 PM, on 3/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\cmd32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
nevermind I'll get back to you in abit...
-
I did what you said and couldn't find
C:\WINDOWS\\etb\pokapoka69.exe
but I still have the Warnhp Trojan because my desktop is blank
Logfile of HijackThis v1.99.1
Scan saved at 6:53:09 PM, on 1/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\AOL\1136236868\ee\AOLHostManager.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\AOL\1136236868\ee\AOLServiceHost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136236868\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
I have that beautiful trojan known as Warnhp
that is where your desktop is replaced by a Spyware warning and when you delete file
Warnhp your desktop is then replace by a blank wallpaper
Any help for a new member?
Logfile of HijackThis v1.99.1
Scan saved at 10:55:06 PM, on 1/9/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1136236868\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1136236868\ee\AOLServiceHost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1136236868\ee\AOLServiceHost.exe
C:\Program Files\Kazaa\kazaa.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://as.starware.com/dp/search?x=wKX1ILE...hXTkqakvvDgEZ1Q
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.my-etrust.com/Redirect/router.a...EZ&ver=10630100
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [system service69] C:\WINDOWS\\etb\pokapoka69.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136236868\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/zenpuzzlegarden/mi...pGameLoader.dll
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c5.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Task Manager Not Working! (hjt Log Inside)[INACTIVE]
in Malware Removal
Posted
Alrighty...
It looks like Aproposfix didn't do anything, but I don't know..
log of AproposFix v1.1
************
Running from directory:
C:\Documents and Settings\Jay\Desktop\aproposfix
************
Registry entries found:
************
No service found!
Removing hidden folder:
No folder found!
Deleting files:
Backing up files:
Done!
Removing registry entries:
REGEDIT4
Done!
Finished!
HJT log
Logfile of HijackThis v1.99.1
Scan saved at 5:55:29 PM, on 3/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe