Task Manager Not Working! (hjt Log Inside)[INACTIVE]


Recommended Posts

everytime I try to use the task Manager it say it was disabled by the Admin. so I turn it back on, then the next time I log on it is turn off again

Please help me with this, amoung other things

Logfile of HijackThis v1.99.1

Scan saved at 4:43:11 PM, on 3/11/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\System32\cmd32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Sony Handheld\HOTSYNC.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Link to post
Share on other sites

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here

Apply the update, reboot, and post a fresh Hijack This log.

Link to post
Share on other sites

I think I did it right, so here it is...

Logfile of HijackThis v1.99.1

Scan saved at 6:45:31 PM, on 3/13/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\System32\cmd32.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Sony Handheld\HOTSYNC.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Link to post
Share on other sites

Please download ewido anti-malware it is a trial version of the program.

  • Install ewido anti-malware
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen

You will need to update ewido to the latest definition files.

  • On the left hand side of the main screen click update
  • Then click on Start Update

The update will start and a progress bar will show the updates being installed.

If you are having problems with the updater, you can use this link to manually update ewido.

ewido manual updates

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

Open Ewido again

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.

Now close ewido anti-malware.

Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.

Link to post
Share on other sites

Such of the pop ups are gone, but I'm still running slow

HJT Log

Logfile of HijackThis v1.99.1

Scan saved at 7:09:27 PM, on 3/15/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Sony Handheld\HOTSYNC.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Ewido log

ewido anti-malware - Scan report

---------------------------------------------------------

+ Created on: 7:04:52 PM, 3/15/2006

+ Report-Checksum: 879F420

+ Scan result:

C:\Documents and Settings\Jay\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\[email protected][1].txt -> TrackingCookie.Specificclick : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\jay@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\jay@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\jay@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\jay@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\jay@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\jay@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup

C:\Documents and Settings\Jay\Cookies\jay@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup

C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\01234567\rdgUS2397[1].exe -> Downloader.Small.ayl : Cleaned with backup

C:\ezStub.exe -> Adware.EZula : Cleaned with backup

C:\installer\id53.exe -> Trojan.SecondThought.g : Cleaned with backup

C:\mfcky.exe.bad -> Downloader.Agent.bq : Cleaned with backup

C:\Overpro323.exe -> Downloader.Agent.ac : Cleaned with backup

C:\Program Files\Aprps -> Adware.Apropos : Cleaned with backup

C:\Program Files\Aprps\AI_23-07-2005.log -> Adware.Apropos : Cleaned with backup

C:\Program Files\Aprps\AI_24-07-2005.log -> Adware.Apropos : Cleaned with backup

C:\Program Files\Aprps\AI_25-07-2005.log -> Adware.Apropos : Cleaned with backup

C:\Program Files\Aprps\AI_26-07-2005.log -> Adware.Apropos : Cleaned with backup

C:\Program Files\Aprps\AI_27-07-2005.log -> Adware.Apropos : Cleaned with backup

C:\Program Files\Aprps\AI_28-07-2005.log -> Adware.Apropos : Cleaned with backup

C:\Program Files\Aprps\AI_29-07-2005.log -> Adware.Apropos : Cleaned with backup

C:\Program Files\Aprps\atl.dll -> Adware.Apropos : Cleaned with backup

C:\Program Files\Aprps\data.bin -> Adware.Apropos : Cleaned with backup

C:\Program Files\backups\backup-20050730-034100-204.dll -> Adware.Wintol : Cleaned with backup

C:\Program Files\backups\backup-20050730-051329-809.dll -> Adware.Wintol : Cleaned with backup

C:\Program Files\ClockSync -> Adware.WhenU : Cleaned with backup

C:\Program Files\ClockSync\Sync.exe_tobedeleted -> Adware.WhenU : Cleaned with backup

C:\Program Files\Common Files\lucttomq\lntnomufao\dammrralu.exe -> Adware.Gator : Cleaned with backup

C:\Program Files\Common Files\lucttomq\noonmqrb\ucmorqcc.exe -> Adware.Gator : Cleaned with backup

C:\Program Files\EbatesMoeMoneyMaker -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\EbatesMoeMoneyMaker\System -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\EbatesMoeMoneyMaker\System\Temp -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\EbatesMoeMoneyMaker\System\Temp\dump.txt -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\EbatesMoeMoneyMaker\System\Temp\run.txt -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\Internet Explorer\fpbpdsfr.exe -> Downloader.Delf.aeu : Cleaned with backup

C:\Program Files\Internet Explorer\rptjvomh.exe -> Downloader.Delf.aeu : Cleaned with backup

C:\Program Files\Internet Explorer\ryoa.exe -> Downloader.Delf.aeu : Cleaned with backup

C:\Program Files\Internet Explorer\xbpshbcz.exe -> Trojan.Small.ev : Cleaned with backup

C:\Program Files\Kazaa\TopSearch.dll -> Adware.Altnet : Cleaned with backup

C:\Program Files\MaxSpeed -> Adware.SideFind : Cleaned with backup

C:\Program Files\MemoryWatcher -> Adware.MemoryWatcher : Cleaned with backup

C:\Program Files\Preview AdService -> Adware.WinTaskAd : Cleaned with backup

C:\Program Files\Preview AdService\Info.txt -> Adware.WinTaskAd : Cleaned with backup

C:\Program Files\SEP -> Adware.SideFind : Cleaned with backup

C:\Program Files\SEP\Uninst.exe -> Adware.SideFind : Cleaned with backup

C:\Program Files\STC\60odhr0b.exe -> Dropper.Small.sc : Cleaned with backup

C:\Program Files\STC\slmss.exe -> Trojan.SecondThought.a : Cleaned with backup

C:\Program Files\WebSavingsfromEbates -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\ApplicationData -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\ApplicationData\merchants.dls -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\ApplicationData\systemdata.dls -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\ApplicationData\systemdata1.dls -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\ApplicationData\tt -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\ApplicationData\tt\data_ebws400.dls -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\ApplicationData\tt\data_excludes_ebws400.dls -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\ApplicationData\updates.dls -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\Applications -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\Applications\cmpck.dls -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\Applications\mercj400.dls -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\Applications\psid410.dls -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\System -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\System\Code -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\System\Html -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\System\Images -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\System\MTemp -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\System\MTemp\logfile.txt -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\System\System -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\System\Temp -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\System\Temp\dump.txt -> Adware.MoneyMaker : Cleaned with backup

C:\Program Files\WebSavingsfromEbates\WebSavingsfromEbates1.exe -> Adware.MoneyMaker : Cleaned with backup

C:\SaveInstCsSm.exe/Save.exe -> Adware.SaveNow : Error during cleaning

C:\SaveInstCsSm.exe/SaveUninst.exe -> Adware.SaveNow : Error during cleaning

C:\SaveInstCsSm.exe/Save.exe -> Adware.SaveNow : Error during cleaning

C:\SaveInstCsSm.exe/SaveUninst.exe -> Adware.SaveNow : Error during cleaning

C:\SaveInstCsSm.exe/Search.exe -> Adware.SaveNow : Error during cleaning

C:\SaveInstCsSm.exe/Search.exe -> Adware.SaveNow : Error during cleaning

C:\SaveInstCsSm.exe/DnldStub.exe -> Downloader.Small.kl : Error during cleaning

C:\SaveInstCsSm.exe/DnldStub.exe -> Downloader.Small.kl : Error during cleaning

C:\WINDOWS\bx23moc5.exe -> Downloader.Small.ckj : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\243461__.exe517 -> Trojan.Dialer.it : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\243461__.exe663 -> Trojan.Dialer.it : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\243461__.exe772 -> Trojan.Dialer.it : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\rdgUS2397.exe -> Downloader.Small.ayl : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\HbInstIE.dll -> Adware.HotBar : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Adware.WinAD : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\rdgUS2397.exe -> Downloader.Small.ayl : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\UWFX5_0001_NI530211NetInstaller.exe -> Not-A-Virus.Downloader.Win32.Agent.f : Cleaned with backup

C:\WINDOWS\Downloaded Program Files\v3.dll -> Adware.EliteBar : Cleaned with backup

C:\WINDOWS\loadclean.exe -> Downloader.Delf.aeu : Cleaned with backup

C:\WINDOWS\loadnew.exe -> Downloader.Small.ckj : Cleaned with backup

C:\WINDOWS\mtog7gub.exe -> Downloader.Small.ckj : Cleaned with backup

C:\WINDOWS\n5c24abt.exe -> Downloader.Small.ckj : Cleaned with backup

C:\WINDOWS\oug007mo.exe -> Downloader.Small.ckj : Cleaned with backup

C:\WINDOWS\p6hddt7z.exe -> Downloader.Small.ckj : Cleaned with backup

C:\WINDOWS\rhfgi8yk.exe -> Downloader.Small.ckj : Cleaned with backup

C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_0_0_105300.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_0_0_106800.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_0_0_107400.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_1_0_449200.gif -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_1_0_449200.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_1_0_449600.gif -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_1_0_449600.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_1_0_454300.gif -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_1_0_454300.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_2_0_105300.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_2_0_106800.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_2_0_107400.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_3_0_105300.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_3_0_106800.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_3_0_107400.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_4_0_111600.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_4_0_152400.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_4_0_155300.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\AdCache\B_329_4_0_164100.htm -> Adware.Cydoor : Cleaned with backup

C:\WINDOWS\system32\b2search.exe -> Adware.EZula : Cleaned with backup

C:\WINDOWS\system32\cmd32.exe -> Downloader.Delf.aeu : Cleaned with backup

C:\WINDOWS\system32\nsfCA.dll -> Adware.Beginto : Cleaned with backup

C:\WINDOWS\system32\nsrE2.dll -> Adware.Beginto : Cleaned with backup

C:\WINDOWS\system32\nstBE.dll -> Adware.Beginto : Cleaned with backup

C:\WINDOWS\system32\nsv15C.dll -> Adware.EZula : Cleaned with backup

C:\WINDOWS\system32\nswC4.dll -> Adware.Beginto : Cleaned with backup

C:\WINDOWS\system32\scmt16.exe -> Downloader.Small.ckj : Cleaned with backup

C:\WINDOWS\vy1q0ruo.exe -> Downloader.Small.ckj : Cleaned with backup

C:\WINDOWS\y1c7533v.exe -> Downloader.Small.ckj : Cleaned with backup

C:\WINNT\96wu19rd.exe -> Dropper.Small.sc : Cleaned with backup

C:\WINNT\Admsarvw.gef\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Adoafkzen.ljm\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Afewywadqgr.ket\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Afwdque.pko\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ageosypdvro.mej\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Agocctpcozf.fsk\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Akedzdlye.pox\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Aknftre.ebt\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Alchvpfo.ufu\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Amvmknqrd.fun\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ancxvibyim.xse\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Apnmljrfxm.izb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Arnnapfa.zmj\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Aspabrry.oxv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Atfuhuaiwb.udh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Atmiijaiop.hrw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Aynnadtohls.dew\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ayyskoird.vbq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Azbuaxuc.arb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Azzkbeubc.vzx\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Baoaezix.lol\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Bbcpvyolz.sxi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Bddkjlme.btj\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Bhzxrolozxk.tfx\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Bipufqm.xdf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Bjmizhtmz.cra\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Bjnzvyhmts.jru\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Bptsxrgtxya.gqc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Brezanq.loq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Btzkrigk.njg\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Bvyeasykj.sur\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Bxiwjcqyv.yvv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Carzajchuqh.rkh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cevhztesub.kxf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cfuwlqf.gle\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cfvpkssnxog.baw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ciejkkg.oag\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cmttxrncg.ycv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cnyaqdqidd.xda\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cpozxrba.jyy\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cqjstslmul.jsr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cqobwkljv.avw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cqtncacuo.beh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Crdrvtorz.eto\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cssazyqymno.ajp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cuizpmd.ird\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cyjmvzl.xmv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Cyycrww.ekb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Dcxwgzolore.qqq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Djlnhdmx.uma\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Dnfdqwdo.ofa\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Downloaded Program Files\BridgeX.dll -> Downloader.Briss.a : Cleaned with backup

C:\WINNT\Downloaded Program Files\clientax.dll -> Adware.180Solutions : Cleaned with backup

C:\WINNT\Downloaded Program Files\CONFLICT.1\m67m.ocx -> Adware.MediaMotor : Cleaned with backup

C:\WINNT\Downloaded Program Files\CONFLICT.1\YSBactivex.dll -> Downloader.IstBar.fa : Cleaned with backup

C:\WINNT\Downloaded Program Files\CONFLICT.2\m67m.ocx -> Adware.MediaMotor : Cleaned with backup

C:\WINNT\Downloaded Program Files\loader2.ocx -> Downloader.Agent.ex : Cleaned with backup

C:\WINNT\Downloaded Program Files\m67m.ocx -> Adware.MediaMotor : Cleaned with backup

C:\WINNT\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Cleaned with backup

C:\WINNT\Dpwdveeiwxv.ndy\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Dryteppndhe.mva\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Dxdnvwrqyzo.nvi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ecnpkob.ngl\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Edpfaaxvq.css\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Eemoeggpirp.cbb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Eeqeinrrqqu.unb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Egiagqlwwj.ozi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Egoencszf.vis\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Eihvkbx.hao\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ennjzssn.njo\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Epgwfxy.jat\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Etlnznltlwn.ytl\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Evrejrjqsq.ipu\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ewswtbx.gnw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Eyxqdcrot.wbf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ffgkzsopa.nww\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fgjskwhxa.bbe\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fgzybvcz.sdo\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fhcszbgspbs.wxf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fhojjonqsz.mxo\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fiqpicpbpjo.foe\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fjtzeujpf.its\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fmeztppwmob.ite\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fngwgixz.wjc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fqzxkvy.lew\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Frgkorovnw.sxd\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fryhjeenbvq.nan\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fsjozed.bvt\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fuplyzy.ipd\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fvomybbjim.eko\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Fytufyedbx.kda\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Gcikgota.irr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Geeihpw.yep\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ghlpmylmxwn.ghd\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Gkkdasxxbku.xam\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Glclhyxrq.kbz\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Glsdedyouo.hnd\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Glyxzgjnur.ybp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Gnexxzpk.edo\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Gonyhqyqeb.rnj\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Gptsdxy.dht\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Grctskv.ydz\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Gudinifmje.oam\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Gvqbqot.iev\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hazdzyygc.tsb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hfyihymc.hql\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hjbblig.pzb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hkihacloxvq.zyt\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hlqgqqrqfa.jgl\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hnvybif.vut\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hoipkoad.ckm\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hrsscxql.imr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hsiqrvugbm.cug\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Huhdbtqxhxn.hxz\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hujzkptz.ret\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hvsrztunhf.vxw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hwbnhxmwkwr.jxr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Hzeozlty.eiq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ibnltqfglgk.cwi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Iezmtjbcw.eel\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ignwyseyptk.eid\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ijeykdjxi.fnm\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ilorggvjbng.ybb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ilwlgat.kcf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Innnlbm.dum\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ipbzrqihslu.qmt\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\iplg32.exe -> Trojan.Agent.bi : Cleaned with backup

C:\WINNT\Ipvpmxu.mcw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Iqguyebz.qbe\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\javahg32.exe -> Trojan.Agent.bi : Cleaned with backup

C:\WINNT\Jivecup.gea\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Jkchwgnva.lvs\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Jlmcpjbmnhf.tkd\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Jlrwdoscrq.liv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Jminplen.dad\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Jmitmwphcn.vvm\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Jpuwvkq.wnp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Jwqmseiknqw.mbv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kcginne.lzo\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kctdjeo.mjn\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kejugib.rjb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kfujalkcz.gtk\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kgwhjdvi.ogr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Khpfjcjbtt.xtw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kmpkbhullm.lty\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kmrbtzsox.ilw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Koophsnuykk.alq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Krgahgd.kxp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Krkbkwmzhxd.uqi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kwnzdbnph.ltq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kxlscgllqu.gqy\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kyyrlsugl.qmn\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Kzempujz.avq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lacgatrnv.gig\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\launchurl.exe -> Trojan.Zapchast : Cleaned with backup

C:\WINNT\Lcblneylfs.mhe\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lhsxdordwl.guv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lijardn.mkj\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ljhhlvd.tte\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lknqwpm.lad\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lmvkdfxmwp.psq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lpdcaohtj.cpf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lpdyiwzh.pln\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lrbyhtlths.osu\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lrzkbxdh.szg\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lsutmzw.vyg\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lweskdckvhv.psr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lwsrpwb.kfr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lxxueohujs.gzf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Lzernjbsk.mnv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\MediaMotor25.exe -> Downloader.Small.aak : Cleaned with backup

C:\WINNT\Mesrgtoal.ahx\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Mhfzuhpis.xrn\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\minigolf_affiliate.exe -> Downloader.Agent.f : Cleaned with backup

C:\WINNT\MM32.exe -> Downloader.Small.aak : Cleaned with backup

C:\WINNT\Mopfhkjssgq.aky\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Mqrqsryr.dll -> Adware.SearchBand : Cleaned with backup

C:\WINNT\Mugiksoue.wit\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Mvmxcljthu.wnh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Mxyeinp.xfg\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nahcgxp.jvk\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nbfdzxnn.cmg\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nbpofigyh.htl\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ndayytutrf.udi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nicstmmypl.chg\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nkhiksutcqi.zbh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nlbiwrcz.ytn\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nmohrhqrta.xid\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nnmihgb.pfa\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Novlopqmjn.wzh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Npscpxd.tgo\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nupogippo.xhr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nyejmogbejy.dwv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Nyumijau.zgc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Obrbqiq.rsi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ochzsttva.swv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ocwmuigi.foc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Odthvey.gyh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Oecvqsywyw.tzk\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ofvenhvwz.bss\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Okpfmsnmj.iij\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Omtjcyi.tll\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Onowulbesya.pyw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Onuhuan.nld\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Onwzubgysp.qoc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Oofhvts.pwu\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Owgcndubot.hob\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ozmlahdta.ypq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Oztrcfgxq.ton\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Pajpqnm.nfh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Payfeqveitg.bek\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Pcmprzm.ffr:xmmps -> Downloader.Agent.bc : Cleaned with backup

C:\WINNT\Pdchptza.ish\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Phpqifibxe.ekc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Phqcsyt.lda\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Pivfjhevkif.wcu\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Poivdscbxpc.rov\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Pqivdwvtsa.oih\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Pqqbgveo.cxk\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Prebuth.omf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\prelimhanse.exe -> Adware.WebHancer : Cleaned with backup

C:\WINNT\Putdrwm.ygu\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Pwodflaxn.wny\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Pwvzedpf.bbd\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Pwxzaohpmp.pur\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Pxbpumne.qnf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Pzuvdbxbt.unl\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qbmfekkacfu.jcq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qerkoayqzcq.rhp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qhtrdes.eqc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qmjoyyxnmd.mvg\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qodqcmt.jqp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qogjwoygv.qql\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qpbkihun.vvx\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qscmyzq.nhp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qvviaakzw.rlz\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qwdvvtjc.hfk\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qymqsevde.khn\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qyotbco.ulw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qzesxnikfsz.tvq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Qzvjxjkyefx.psq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Rbygvzkkyt.ctw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Rceneuad.cka\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Rdbadpouiag.wkb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Reawelm.hky\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Rfoolbwpyj.zui\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Rfovojdm.sep\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Rirfehbcon.ply\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Rjwpvwljzw.vrf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Rlwjbjtvtg.wgt\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Roxtmhsy.mnd\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Rwoqdutwbg.zhv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\sahagent-fellymedia1002.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Satymomahc.kri\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Sbeqynkkrg.skq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Sdrzlslcda.jfc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Sfiewxa.acc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Smhtwbr.sty\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Sqxfyhlffw.ldt\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Srcpcpr.vwt\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Sulvoncev.qkk\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Suujhwopx.gzp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\system32\2ndsrch.dll -> Trojan.SecondThought.ag : Cleaned with backup

C:\WINNT\system32\apuc.dll -> Adware.BargainBuddy : Cleaned with backup

C:\WINNT\system32\install2.exe -> Trojan.SecondThought.l : Cleaned with backup

C:\WINNT\system32\lcinstaller.exe -> Adware.WinAD : Cleaned with backup

C:\WINNT\system32\msjq.exe -> Trojan.Agent.bi : Cleaned with backup

C:\WINNT\system32\netuk.exe -> Trojan.Agent.bi : Cleaned with backup

C:\WINNT\Szcljnsuxu.pmh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Tbatzvyim.oxn\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Tqawjchmp.ryb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Tsrvopg.kty\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Tteqqdra.nur\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ttjslncu.evj\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Tudrbacm.tec\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Twynqhs.ubj\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Uavjdgj.snb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ubvurrndy.mly\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ucharelc.atp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Udktrnv.wis\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Uhlyetbfw.uqb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Uhoqqmgig.ytt\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Uhvwyvi.nza\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ulyqnsd.fed\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\UnstSA2.exe -> Dropper.Delf.z : Cleaned with backup

C:\WINNT\Unswyezsx.uzf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Upxsdkq.bpi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Urdupxrjc.rvh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Usemebfk.erg\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Usjqvayjc.mps\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Utnegjd.ari\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Uxqkoway.dwg\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Uzmoupilekh.cvo\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vbkhyjzq.rxy\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vduyvivm.oxc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vdwunwginpe.tvi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vdzbxbdofnb.igm\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Viuvmweyo.gcd\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vjisaaon.xll\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vlocmtve.opx\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vozobkm.nuk\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vpkwcqqjaus.xdl\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vqcrrhsrvgz.eji\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vqegqea.qll\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vqrshtzdo.kab\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vrbixmlapb.kyq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vyucbltk.vpa\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Vzjpyowufn.pcd\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Waznbxgvt.qxs\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Wficzqbdemp.iur\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Wgtnoytfiwp.qyw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Whrbxstk.kwo\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\WildApp.dll -> Adware.MediaTickets : Cleaned with backup

C:\WINNT\winhy32.dll -> Downloader.Agent.bc : Cleaned with backup

C:\WINNT\Wiozeit.jba\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Wjspxfvjyz.xnm\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Wllqebu.isx\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Wlucecppyh.yhq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Wtcpwboe.qhz\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Wtlnythormd.fni\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Wuodpceerzu.biq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Wwwijooiv.ndi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Wywkbhsjg.kbj\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xcohcehbjda.miw\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xdruteelj.gwu\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xenzqjrsq.edy\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xhqzpgrvysp.pya\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xiawoxe.luu\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xneqkhwhr.bts\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xnngcyqxon.ylz\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xoqskxnhwj.gjx\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xrlnszz.nze\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xryoehjue.ozm\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xuzkchr.kzr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xveswjggfc.xwd\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xxmmsxwkgs.mkz\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xxsnnhejtvu.qen\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xxwfkcryvtg.jfc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Xygrgaej.smp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yaoevfhfrgq.ftb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ycyoyest.jcx\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yczxzax.zac\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yezbhoqnh.anu\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yghkzozbpwz.zae\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yhbavivnpxg.iwi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yigyjbwv.ebj\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yiqldfdvfn.hyc\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ymumpcxyw.pfr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ymwfqgwxga.bqk\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Ystnuogpphc.qsv\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yujuqkcew.him\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yulssbui.hlt\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yuuffdedsv.krr\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yvcpdkb.sbq\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yxinamuwfr.pwy\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yxzstknl.osp\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yykqvyjohqn.bhf\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Yzcrzdouo.ywe\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zbrggrc.qoi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zgdgxiepeyn.axx\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zhyusonjlmi.ufl\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zijazam.grh\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zirlbvtml.xgb\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zoakjuv.ddi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zokwkha.bmm\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zopipplx.zot\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zuzseebcm.obz\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zvfqxqpke.pmj\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zwfafwvu.fms\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zwzspveirql.hkg\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zxcdhpgecff.uvi\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\Zxkgmtoto.ijl\sah.exe -> Adware.Sahat : Cleaned with backup

C:\WINNT\_default.pif:bmfff -> Downloader.Agent.bq : Cleaned with backup

C:\WINNT\_default.pif:uiojq -> Downloader.Agent.bc : Cleaned with backup

::Report End

Link to post
Share on other sites

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:

http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

Link to post
Share on other sites

Alrighty...

It looks like Aproposfix didn't do anything, but I don't know..

log of AproposFix v1.1

************

Running from directory:

C:\Documents and Settings\Jay\Desktop\aproposfix

************

Registry entries found:

************

No service found!

Removing hidden folder:

No folder found!

Deleting files:

Backing up files:

Done!

Removing registry entries:

REGEDIT4

Done!

Finished!

HJT log

Logfile of HijackThis v1.99.1

Scan saved at 5:55:29 PM, on 3/16/2006

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Sony Handheld\HOTSYNC.EXE

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - Default URLSearchHook is missing

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} - http://installs.spamblockerutility.com/ins...ckerutility.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c9.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.salisbury.edu/activex/AxisCamControl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Link to post
Share on other sites
  • 3 weeks later...
Guest
This topic is now closed to further replies.