Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help With Annoying Popups


  • This topic is locked This topic is locked
9 replies to this topic

#1 heathersdaddy

heathersdaddy

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 26 February 2006 - 09:08 PM

I have these annoying pop ups and need help getting rid of them.

Here is my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 6:04:40 PM, on 02/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.114.12.3/map/mapguide/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130106900953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\aza2la7o1d.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\lvjs0917e.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BC AdBot (Login to Remove)

 


#2 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:04:53 PM

Posted 27 February 2006 - 04:53 AM

Hi and welcome to Bleeping. :thumbsup:


You have some nasty adware on your machine that I can see and possibly more lurking in the background.


Step 1

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • A log file will be created at C:\Look2Me-Destroyer.txt
  • If Look2Me-Destroyer does not reopen automatically, reboot and try again.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


Step 2

Then please click on Start > Run and type msconfig in the 'Run' box. When the System Configuration Utility opens, click on the 'Startup Tab' and make sure there is a checkmark beside each entry. Ensure the 'General Tab' has the "normal startup" option checked. Reboot when asked to by Windows to complete any change.


Step 3

Then post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log please.



Keeping Track of Your Topic
  • Please subscribe to this thread by clicking 'Track this topic' at the top of the thread.
  • Enable email notification to subscribed threads via the My Control Panel link above.
  • Keep ALL future replies in this thread please.

Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)

#3 heathersdaddy

heathersdaddy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 27 February 2006 - 11:01 PM

Here is my new hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 8:00:18 PM, on 02/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.114.12.3/map/mapguide/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130106900953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


here is my look2me log

Look2Me-Destroyer V1.0.7

Scanning for infected files.....
Scan started at 2/27/2006 7:35:45 PM

Infected! C:\WINDOWS\system32\aza2la7o1d.dll
Infected! C:\WINDOWS\system32\mv2ol9f31.dll
Infected! C:\RECYCLER\NPROTECT\00000071.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066088.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066092.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066102.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066106.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066112.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066116.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0067112.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068118.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068124.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068126.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068132.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068133.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069132.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069138.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069139.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069153.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069264.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069294.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069295.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069308.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069326.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069328.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069329.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069333.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069346.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069352.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070557.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070561.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070572.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0071355.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0071362.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP365\A0071371.dll
Infected! C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP365\A0071372.dll
Infected! C:\WINDOWS\system32\g6400ghme64a0.dll
Infected! C:\WINDOWS\system32\gp6ql3j51.dll
Infected! C:\WINDOWS\system32\mevcp71.dll
Infected! C:\WINDOWS\system32\mv0ml9d11.dll
Infected! C:\WINDOWS\system32\mv2ol9f31.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\mv2ol9f31.dll
C:\WINDOWS\system32\mv2ol9f31.dll Deleted successfully!

Attempting to delete: C:\RECYCLER\NPROTECT\00000071.dll
C:\RECYCLER\NPROTECT\00000071.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066088.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066088.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066092.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066092.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066102.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066102.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066106.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066106.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066112.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066112.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066116.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066116.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0067112.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0067112.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068118.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068118.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068124.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068124.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068126.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068126.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068132.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068132.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068133.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068133.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069132.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069132.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069138.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069138.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069139.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069139.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069153.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069153.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069264.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069264.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069294.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069294.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069295.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069295.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069308.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069308.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069326.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069326.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069328.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069328.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069329.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069329.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069333.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069333.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069346.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069346.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069352.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069352.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070557.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070557.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070561.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070561.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070572.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070572.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0071355.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0071355.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0071362.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0071362.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP365\A0071371.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP365\A0071371.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP365\A0071372.dll
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP365\A0071372.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\g6400ghme64a0.dll
C:\WINDOWS\system32\g6400ghme64a0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\gp6ql3j51.dll
C:\WINDOWS\system32\gp6ql3j51.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mevcp71.dll
C:\WINDOWS\system32\mevcp71.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mv0ml9d11.dll
C:\WINDOWS\system32\mv0ml9d11.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\mv2ol9f31.dll
C:\WINDOWS\system32\mv2ol9f31.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FDAA36D6-8AA1-4710-B02C-094922D50E77}"
HKCR\Clsid\{FDAA36D6-8AA1-4710-B02C-094922D50E77}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{FB927789-76F6-4F30-913F-0E774D784950}"
HKCR\Clsid\{FB927789-76F6-4F30-913F-0E774D784950}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5BF77CB4-2ECC-49F4-B37E-1B993BC2CD78}"
HKCR\Clsid\{5BF77CB4-2ECC-49F4-B37E-1B993BC2CD78}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C026A3EC-86C4-4539-8B32-34E0170BFE44}"
HKCR\Clsid\{C026A3EC-86C4-4539-8B32-34E0170BFE44}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{9D9A6653-F548-4934-AD2B-E5B4F84E3438}"
HKCR\Clsid\{9D9A6653-F548-4934-AD2B-E5B4F84E3438}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2E13A25A-31CB-4973-AF89-C94799C84AFD}"
HKCR\Clsid\{2E13A25A-31CB-4973-AF89-C94799C84AFD}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#4 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:04:53 PM

Posted 28 February 2006 - 03:35 AM

That's looking good but considering how serious this infection can be for downloading further malware I recommend you run further scans to ensure there's nothing else lurking.

Step 1

Configure Windows to Show all hidden files & folders and ensure you're familiar with rebooting into Safe Mode.

Download ATF Cleaner to your desktop.

Download and install Ewido Anti-Malware.
  • When installing Ewido, under "Additonal Options" uncheck "Install Background Guard" and "Install Scan Via Context Menu".
  • Launch Ewido by double-clicking the desktop icon and click 'OK' at the "Database could not be found!" warning.
  • Click "Update" on the left side of the main screen to update the definitions file.
  • Then click "Start Update".
  • When you receive the "Update successful" prompt, close the program for use later.
Step 2

Reboot into Safe Mode now please.

Run HijackThis again and checkmark the boxes before the following:-

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


Close ALL OTHER OPEN WINDOWS and click "Fix Checked"


Step 3

Use Windows Explorer to locate & delete the following folders in bold:

C:\Program Files\Common Files\VCClient\


Step 4

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Step 5

Launch Ewido Anti-Malware.
  • Click on Scanner.
  • Click on Complete System Scan and the scan will begin.
  • Warning: Do NOT open any other windows or your Control Panel while scanning as it may prevent scan completion!!
  • When prompted to clean the first infection, select "Remove" and checkmark the box beside "Perform action on all infections" in the left corner.
  • Upon scan completion, click the Save report button and save the report.txt to your desktop.
  • Then close Ewido and post the scan results please.
Step 6

Reboot and run either of the following online virus scans with Internet Explorer (saving the scan report when complete):

Kaspersky On-line Scanner
  • Accept the Active X object and download the latest definitions.
  • When the scanner is ready, click Scan Settings.
  • Select the Extended anti-virus database.
  • Select Scan Archives & Scan Mail Bases and then ok.
  • Click My Computer to run a full system scan.
  • When complete, choose Save as Text and save the log to your desktop.
Panda ActiveScan
  • Once on the Panda site click the Scan your PC button and then the Check Now button on the nex screen.
  • Enter your details in the required fields.
  • Then click the big Scan Now button.
  • Allow the Active X component to install and download the necessary files. (Note: It may take a couple of minutes)
  • When the download is complete, click on Local Disks to start the scan.
  • Upon scan completion, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Step 7

Reboot once more and then post the following:
  • New HijackThis log.
  • Ewido scan results.
  • Online scan results.
  • Any problems you encountered.

Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)

#5 heathersdaddy

heathersdaddy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 01 March 2006 - 11:30 PM

Here is my ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:04:30 PM, 03/01/2006
+ Report-Checksum: 72CB306C

+ Scan result:

HKLM\SOFTWARE\AkSoft -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\4stats.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\64.159.76.191 -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\64.7.220.98 -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\69.20.62.53 -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\888.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\888.tv -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\aaic.us -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\abby-cheat.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\abcsearch.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\abum.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ad.trafficmp.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\adfarm.mserve.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\adoko.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ads.gamespyid.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ads.itotalfind.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ads.nextgame.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\adsvr.adknowledge.com:8000 -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\adultboards.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\aema.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\affiliates.allposters.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\americanexpress.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ameriquestmortgage.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ancient-egypt.org -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\asta-killer.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\auduboninstitute.org -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\avon.avon.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\avon.avon.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\axelmossen.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\babyzone.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\beinsync.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\beinsync.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\bigtracker.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\bingoliner.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\bingos.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\bored.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\boxcheats.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\bugger.3rror.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\bullguard.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\burstnet.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ca.avon.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\canada.ce.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\canal96.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cartoondirectory.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cbsnews.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cellularchoices.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cgi.darwinawards.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cgi.hypercount.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cheatcc.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cheatheaven.co.uk -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cheats.gamespy.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cheats.ign.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cheatserver.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\clickit.go2net.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\clinkc.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cobsbread.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\collegegrad.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\counters.zy.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cra-arc.gc.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cracksearch.ws -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cube-cheats.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cube.ign.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\cusslermen.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\d-a-l.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\darwinawards.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\deletespyware.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\designgroupstaffing.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\diomede.homere.jmsp.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\dist.belnk.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\distinctivekids.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\docs1.excite.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\download.abetterinternet.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\download.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\dreampass.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\dyn.ifilm.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\eamericraft.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ebay.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ehealthinsurance.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\emptyspace.dk -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\encyclopedia.farlex.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\enfamil.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\english.monster.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\entertainment.excite.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\etroductions.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\exactsearch.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\excite.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\experts-exchange.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ezilon.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\f-secure.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\facedoctor.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\famousplayers.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\fashion.excite.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\fashioninformation.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\fast-rewind.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\filesdirect.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\findallyouneed.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\findyourspot.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\focusin.ads.targetnet.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\forum.tweakxp.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\forums.techguy.org -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\free-porn-passes.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\freechannel.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\freewebs.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\freshdevices.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\fwhc.org -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\gamecube.gamezone.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\gamerzbrain.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\gamespot.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\gamewinners.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\gamezone.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\generalstore.home.ro -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\georgecanyon.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\google.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\google.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\gr.bolt.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\hays.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\help2go.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\highspots.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\holhost.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\home.americanexpress.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\hostreview.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\housecall-beta.trendmicro.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\housecall.trendmicro.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\hoyle.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\idiaper.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\impactwrestling.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\insidepulse.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ironhymen.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\isg02.casalemedia.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\itsyourturn.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\jenberkley.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\jetsgo.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\jewishfood-list.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\jobbank.gc.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\jobsearch.monster.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\jobshark.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\jokefrog.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\js-examples.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\kaspersky.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\kbears.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\killsometime.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\lamermelculo.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\langleytimes.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\lapi.ebay.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\legalsteroids.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\lendingmax.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\limmy.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\literotica.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\localxml.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\looksmart.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\lyrics007.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\malestars.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\manbiz.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\match.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\microsoft.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\midaddle.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\midiox.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\mobilixnet.dk -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\money2read.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\moviemistakes.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\mpasystems.com.au -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\msxml.excite.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\mufftorrent.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\my.monster.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\mysearchad.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\myspivo.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\mysurvey.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\mytelus.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\mytravelbargains.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\neonkitty.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\networkcollect.realmedia.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\news.excite.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\nextag.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\novatina.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\nuker.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\oca.microsoft.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\overdump.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\pacificpoker.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\pagead2.googlesyndication.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\panicware.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\passtheshareware.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\paypopup.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\pchell.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\pcsecurityshield.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\pillsbury.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\platinum.cheatcc.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\playsite.iwin.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\playtimecinema.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\pogoweb02.pogo.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\popup-killer-review.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\putfile.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\rarlab.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\rednova.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\register.globaltestmarket.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\remaxkauai.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\richardsrealm.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ringathing.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\robsgaming.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\rogersvideo.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\roperinsurance.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\sandermax.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\sandjamr.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\scottmanning.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\search.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\search.msn.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\searchwebservices.techtarget.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\searsportrait.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\security.symantec.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\securityresponse.symantec.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\sewlumbr.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\sharewareconnection.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\shop.avon.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\shop.avon.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\shopincanada.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\sing365.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\sitepoint.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\slam.canoe.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\smallbusinessloans.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\smartdebtmanagement.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\snopes.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\sofe.ebay.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\softwaretipsandtricks.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\southernfood.about.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\spotresults.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\sqsearch.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\stopzilla.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\supercheats.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\symantec.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\t.trafficmp.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\tamingthebeast.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\targetedvisitor.sex.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\tdsindustrial.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\thefoody.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\thefreedictionary.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\thehouseofcards.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\theshieldantivirus.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\theshieldantivirus2005.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\theweathernetwork.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\ticketmaster.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\tidytanks.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\top100gamesites.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\totallycheap.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\travel.excite.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\trax.inspectorclick.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\trendmicro.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\tubal-reversal.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\uas.bc.ca -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\umagroup.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\unclenasty.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\uproar.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\us.intellitxt.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\utm.trk.excite.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\v5.windowsupdate.microsoft.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\vbaccelerator.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\vegparadise.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\vgstrategies.about.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\vsn1.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\web.tickle.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\westernunion.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\who2.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\windowsecurity.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\windowsupdate.microsoft.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\wolfsurfer.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\workopolis.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\worlddesign.net -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\wwkiosk.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\www1.excite.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\www11.overture.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\wzforums.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\xdrive.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Hotsites\xe.com -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Support -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Support\AOL.EXE -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Support\EXPLORER.EXE -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Support\IEXPLORE.EXE -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Support\MOZILLA.EXE -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Support\NETSCP.EXE -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Support\NETSCP6.EXE -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Support\OPERA.EXE -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Support\WAOL.EXE -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Support\YBROWSER.EXE -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\.Target -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\a -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\b -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\c -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\d -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\e -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\f -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\g -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\h -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\i -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\j -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\k -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\l -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\m -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\n -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\o -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\p -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\q -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\r -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\s -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\t -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\u -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\v -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\w -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\x -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\y -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\z -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\a\[ -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\a -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\b -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\c -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\d -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\e -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\f -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\g -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\h -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\i -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\j -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\k -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\l -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\m -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\n -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\o -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\p -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\q -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\r -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\s -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\t -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\u -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\v -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\w -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\x -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\y -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\z -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\b\[ -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\a -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\b -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\c -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\d -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\e -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\f -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\g -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\h -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\i -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\j -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\k -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\l -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\m -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\n -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\o -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\p -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\q -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\r -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\s -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\t -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\u -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\v -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\w -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\x -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\y -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\z -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\c\[ -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\a -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\b -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\c -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\d -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\e -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\f -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\g -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\h -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\i -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\j -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\k -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\l -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\m -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\n -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\o -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\p -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\q -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\r -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\s -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\t -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\u -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\v -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\w -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\x -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\y -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\z -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\d\[ -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\a -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\b -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\c -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\d -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\e -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\f -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\g -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\h -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\i -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\j -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\k -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\l -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\m -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\n -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\o -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\p -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\q -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\r -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\s -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\t -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\u -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\v -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\w -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\x -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\y -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\z -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\e\[ -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\a -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\b -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\c -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\d -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\e -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\f -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\g -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\h -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\i -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\j -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\k -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\l -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\m -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\n -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\o -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\p -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\q -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\r -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\s -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\t -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\u -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\v -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\w -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\x -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\y -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\z -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\f\[ -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\a -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\b -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\c -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\d -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\e -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\f -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\g -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\h -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\i -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\j -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\k -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\l -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\m -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\n -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\o -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\p -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\q -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\r -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\s -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\t -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\u -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\v -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\w -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\x -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\y -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\z -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\g\[ -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\a\h -> Adware.AkSoft : Cleaned with backupHKLM\SOFTWARE\AkSoft\[\[\c -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\d -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\e -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\f -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\g -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\h -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\i -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\j -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\k -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\l -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\m -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\n -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\o -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\p -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\q -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\r -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\s -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\t -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\u -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\v -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\w -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\x -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\y -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\z -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\AkSoft\[\[\[ -> Adware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\nsvcin -> Adware.Delfin : Cleaned with backup
HKU\S-1-5-21-57989841-583907252-1801674531-1003\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-57989841-583907252-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\17E5D3A0-7B15-4D3E-A3C8-56E745\2061D7F2-B0B3-4C1F-AC05-8720A7/chrome/isearch.jar/content/isearch/isearch.js -> Adware.ISearch : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\17E5D3A0-7B15-4D3E-A3C8-56E745\514FEF6C-C86D-43CF-B1A6-12BBED -> Adware.MDH : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6A98B941-2844-417B-B500-DFFEE0\29AD3238-81DF-4800-A766-A17F65 -> Adware.EZula : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\82982710-2E4F-4485-AB8A-B2D292\DA419629-50B6-4291-974B-0B6A7E -> Adware.EZula : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\AF368453-6229-4F23-9A5A-14AA56\5DCFDC8A-CB14-44FE-8F22-C19DBA -> Adware.Look2Me : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DB0815CA-E2DC-4FED-B8DC-1ADF18\83FBCD6E-28E4-4B15-9BD4-DCBB3A -> Downloader.Agent.br : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FD131F81-D0E4-45EC-9724-332DB4\8AE35EAF-85D3-42C3-AF2A-A1EB41 -> Downloader.Agent.br : Cleaned with backup
C:\Program Files\Network\ipnetwork.exe -> Adware.Maxifiles : Cleaned with backup
C:\RECYCLER\NPROTECT\00000017 -> Downloader.VB.xl : Cleaned with backup
C:\RECYCLER\NPROTECT\00000026 -> Hijacker.VB.ld : Cleaned with backup
C:\RECYCLER\NPROTECT\00000027 -> Downloader.VB.wg : Cleaned with backup
C:\RECYCLER\NPROTECT\00000065.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000066.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000073.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000074.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000075.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000551.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000552.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000703.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000704.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000705.DLL -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000706.dll -> Adware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00000707.DLL -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
C:\WINDOWS\system32\akcore.dll -> Adware.Coreak : Cleaned with backup
C:\WINDOWS\system32\akrules.dll -> Downloader.Agent.bt : Cleaned with backup
C:\WINDOWS\system32\akupd.dll -> Downloader.Agent.br : Cleaned with backup
C:\WINDOWS\system32\docore.dll -> Adware.Couponage : Cleaned with backup
C:\WINDOWS\system32\dosync.dll -> Adware.Couponage : Cleaned with backup
C:\WINDOWS\system32\ps.exe -> Dropper.Agent.mf : Cleaned with backup


::Report End

Here is my hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 8:28:53 PM, on 03/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3

#6 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:04:53 PM

Posted 02 March 2006 - 06:10 AM

It looks like you ran out of space in your last post.

Your HijackThis log has been cut short and the Kaspersky results are missing.

Can you repost these two in your next reply please. :thumbsup:
Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)

#7 heathersdaddy

heathersdaddy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 02 March 2006 - 11:46 PM

Here is the online checker log:

KASPERSKY ON-LINE SCANNER REPORT
Thursday, March 02, 2006 20:41:48
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 3/03/2006
Kaspersky Anti-Virus database records: 168877
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 77774
Number of viruses found: 35
Number of infected objects: 17146
Number of suspicious objects: 1
Duration of the scan process: 8450 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\0D275C3F Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\105E30B6 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\22B814D2 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\25F53D42 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\2A72650D Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\2DDE62FE Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\33EA0E29 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\352A20C9 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\353E1CB4 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\3F3A38DE Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\42710D54 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\480D3370 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\502960D1 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\52850EC9 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\544A0BFD Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\553870F2 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\57A52E4C Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\6A04741A Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\71324599 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\748D67E8 Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\79460EFE Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton AntiVirus\Quarantine\794938FB Infected: Trojan.Win32.Delprot.a
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00022589.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00024EF9.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00037179.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00054F86.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\000578F5.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\000922F2.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00097982.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\000C237E.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\000C4CEE.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\000F4D7B.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\000F76EB.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00127777.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00162174.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00164AE3.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\001867E7.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00194B70.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\001974E0.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\001C756C.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\001F48D9.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00201F69.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0022631E.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00234965.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\002372D5.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00261CD1.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00267362.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00291D5E.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\002946CE.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\002C5E55.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\002C70CA.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\002D475A.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00307157.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00331B53.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\003344C3.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00343EC0.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00364550.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0037598C.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\003A18BC.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\003A6F4C.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\003D1948.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\003E39F7.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00404345.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00406CB5.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004154C3.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004316B1.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00436D41.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0047173E.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00483FC9.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00497554.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004A413A.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004A6AAA.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004B3B0D.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004C5DE9.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004D00C6.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004D14A6.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004D6B36.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004E23A2.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\004F467E.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0050695A.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00510C37.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00511533.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00522F13.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00543F2F.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0054689F.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\005474CC.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\005517A8.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00553A84.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00565D60.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0057003D.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0057692C.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00582319.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\005945F5.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\005A1328.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\005A3C98.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\005A68D2.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\005B0BAE.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\005D2B9C.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\005E3D24.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00611091.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00616721.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0064111D.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\006726D3.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00673B1A.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00676489.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\006B0E86.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\006B6516.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\006E0F13.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\006E3882.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00712209.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0071390F.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00740C7B.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0074630B.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00780D08.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\007B3704.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\007B6074.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\007C1D40.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\007E0A70.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\007E6101.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00820AFD.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\008534F9.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00855E69.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00861877.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00880866.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00885EF6.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\008B08F2.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\008E5C5E.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\008F32EF.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\0092065B.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00925CEB.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009506E7.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00953057.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009830E4.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00985A54.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009C5AE0.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009F04DD.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009F2E4C.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00A22ED9.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00A25849.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00A26F50.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00A558D5.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00A902D2.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00A92C42.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00AC2CCE.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00AC563E.exe Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00AF56CB.tmp Infected: P2P-Worm.Win32.VB.dw
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\00AF6B5C.tmp Infected: P2P-Worm.Win32.VB.dwC:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7FFF7B8D.tmp Infected: P2P-Worm.Win32.VB.dw
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP357\A0065922.EXE Infected: Trojan-Clicker.Win32.Delf.dm
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP357\A0065930.exe Infected: Backdoor.Win32.Rbot.gen
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP357\A0065931.exe Infected: P2P-Worm.Win32.VB.dw
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP357\A0065935.exe Infected: Trojan-Downloader.Win32.Adload.s
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP358\A0065944.exe Infected: Trojan-Downloader.Win32.VB.ww
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP358\A0065945.exe Infected: Trojan-Clicker.Win32.VB.ld
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP358\A0065946.exe Infected: Trojan-Downloader.Win32.VB.wy
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066077.exe Infected: Trojan-Downloader.Win32.VB.wr
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066080.exe Infected: Backdoor.Win32.Rbot.gen
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0066081.exe Infected: P2P-Worm.Win32.VB.dw
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP360\A0068115.exe Infected: Trojan-Dropper.Win32.Agent.aac
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069270.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069270.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069271.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069289.exe Infected: Trojan-Dropper.Win32.Agent.aac
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069290.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP361\A0069292.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069305.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069306.EXE/data0001 Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069306.EXE Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069307.EXE/data0001 Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069307.EXE Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069327.exe Infected: Trojan-Downloader.Win32.VB.xg
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069330.exe/data0001 Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP362\A0069330.exe Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP363\A0070356.exe Infected: Trojan-Downloader.Win32.VB.xl
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP363\A0070357.exe Infected: Trojan-Downloader.Win32.VB.xl
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP363\A0070358.exe Infected: Trojan-Dropper.Win32.Agent.aie
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP363\A0070359.exe Infected: Trojan-Clicker.Win32.VB.li
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP363\A0070360.exe Infected: Trojan-Downloader.Win32.VB.wg
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070386.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070386.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070428.EXE/data0001 Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070428.EXE Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070463.exe Infected: Trojan-Downloader.Win32.VB.xd
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070464.exe Infected: Trojan-Downloader.Win32.Adload.t
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070465.EXE/data0001 Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070465.EXE Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070467.EXE/data0001 Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070467.EXE Infected: Trojan-Downloader.NSIS.Agent.p
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP364\A0070672.EXE Infected: Trojan-Downloader.Win32.Qoologic.bh
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP366\A0071432.dll Infected: Trojan-Downloader.Win32.Agent.bt
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP366\A0071433.dll Infected: Trojan-Downloader.Win32.Agent.br
C:\System Volume Information\_restore{065DCC8C-D734-4E17-AD79-2F65E3A62CA7}\RP366\A0071436.exe Infected: Trojan-Dropper.Win32.Agent.mf

Scan process completed.

Here is the hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 8:45:43 PM, on 03/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft IntelliPoint\Point32.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\OPScan.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://www.puretracks.com/onager.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://64.114.12.3/map/mapguide/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1130106900953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#8 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:04:53 PM

Posted 03 March 2006 - 03:56 AM

Clean as a whistle. :thumbsup:

How's the machine performing now?

Popups gone?
Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)

#9 heathersdaddy

heathersdaddy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:53 AM

Posted 03 March 2006 - 10:30 AM

Yes, very clean and no more pop ups, thanks a bunch..


:thumbsup: :flowers: :huh:

#10 John_McKenna

John_McKenna

    World Class Hairy Chest


  • Members
  • 497 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Liverpool
  • Local time:04:53 PM

Posted 03 March 2006 - 11:17 AM

You're welcome. :thumbsup:

Everything appears to be in order so I guess we can wrap things up for the time being.

Now that you're clean again, please follow these simple steps to keep yourself safe and secure in the future.


Re-enable Your Protection

If asked to reveal your hidden system files and folders during the course of the fix, please rehide those now by reversing the steps here.

Please also re-enable the real-time protection for any anti-spyware programs I asked you to disable before proceeding with the fix.


Disable and Re-enable System Restore to Flush Infected Restore Points

If you are using Windows ME or XP, you should disable and re-enable system restore to make sure there are no infected files found in your restore points.

You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide

or

Managing Windows Millenium System Restore

Re-enable System Restore with instructions from the tutorial above and create a new Restore point.


Block Access to Untrustworthy Sites

You can prevent your computer from visiting a myriad of untrustworthy sites and ad-servers by installing a customised hosts file. One of the best available is the MVPS Hosts File. Simply follow the instructions to install the file in the correct location. This will not only make surfing safer but will improve website load times and block popups from many of the large ad-servers.


Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet



Safe Surfing

JM :flowers:



Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Want to fight back? Click HERE and learn how to remove spyware.

If I've helped you, please consider donating to the Multiple Sclerosis Society (UK)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users