
[Resolved] "your system is infected" wallpaper un removable


  • This topic is locked
23 replies to this topic

#1 shad0ws

shad0ws

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 02 January 2010 - 02:32 AM

Hi. Today I downloaded something I thought to be a safe file, and it contained a virus. My AVG was unable to delete the infection and now isn't detecting it at all. But I have an unchangeable background that says "YOUR SYSTEM IS INFECTED System has been stopped due to a serious malfunction.Spy ware actively has been detected. It is recommended to use spy ware removal tool to prevent data loss. Do not use the computer before all the spy ware is removed". Also, the virus disabled my Task Manager. I was able to enable it again briefly before I restarted my computer, using other advice I found online, using "regedit" under the Run command. Lastly, whenever I try to click a link on Google or any other search site, I get linked to a site that says "Reported Attack Site! This web site at c.ppcxml.net has been reported as an attack site and has been blocked based on your security preferences. Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners." This happened just hours ago and I couldn't find the solution by myself. I would really like some help. Thanks, look forward to getting an email in the future.

Edited by shad0ws, 02 January 2010 - 02:34 AM.


#2 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,692 posts
  • MVP

Posted 02 January 2010 - 01:07 PM

Hi, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc. must be posted in Notepad. Please ensure that Word Wrap is unchecked. In Notepad, click Format and uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

NEXT

Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Download OTL to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with
  • GMER log
  • both OTL logs
Thanks

#3 shad0ws

shad0ws

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 02 January 2010 - 01:36 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-02 14:27:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\OWNER~1.ALE\LOCALS~1\Temp\pxtdrpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat F1C96D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


OTL Extras logfile created on: 1/2/2010 2:29:16 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Owner.ALEX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 600.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 7.68 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.47 Gb Free Space | 2.52% Space Free | Partition Type: NTFS
Drive E: | 7.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6112:TCP" = 6112:TCP:*:Enabled:warcraft III
"6112:UDP" = 6112:UDP:*:Enabled:warcraft III

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Warcraft III\Frozen Throne.exe" = C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne -- (Blizzard Entertainment)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\LC\pickup.listchecker.exe" = C:\Program Files\LC\pickup.listchecker.exe:*:Enabled:pickup.listchecker -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\GHostOne\GHostOne.exe" = C:\Program Files\GHostOne\GHostOne.exe:*:Enabled:GHost One - advanced hosting bot -- (psionic.one)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Heroes of Newerth\hon.exe" = C:\Program Files\Heroes of Newerth\hon.exe:*:Enabled:hon -- (S2 Games)
"C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe" = C:\Program Files\Savage 2 - A Tortured Soul\savage2.exe:*:Enabled:savage2 -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{301228EC-B9F0-43EF-A796-7AD70AD7676C}" = Aion
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91535446-A47D-4BE2-8B3D-DC850D9EF049}" = Aion
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1" = Driver Robot
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D96021A9-B290-4783-B019-0E4000DA84CE}" = S4 League_EU
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"AVG8Uninstall" = AVG Free 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CCleaner" = CCleaner
"CurseClient" = Curse Client
"DotA Client Build 2.31 Beta_is1" = DotA Client Build 2.31 Beta
"DotA Client Build 2.4 Beta_is1" = DotA Client Build 2.4 Beta
"Download Manager" = Download Manager 2.3.9
"ERUNT_is1" = ERUNT 1.1j
"gBurner" = gBurner
"HCGDL" = Hoyle Card Games 2008 (remove only)
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"LimeWire" = LimeWire PRO 5.2.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.5.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"PC Wizard 2009_is1" = PC Wizard 2009.1.88
"Peggle" = Peggle (remove only)
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"PlayMP3" = PlayMP3z
"PROSet" = Intel® PRO Network Adapters and Drivers
"Rude Virtual 3D Client" = Rude Virtual 3D Client
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 550" = Left 4 Dead 2
"SystemRequirementsLab" = System Requirements Lab
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"I-Doser v4" = I-Doser v4
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2009 3:58:56 PM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application avgtray.exe, version 8.5.0.424, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2009 1:41:51 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application utherverse.exe, version 0.0.0.0, faulting module
utherverse.exe, version 0.0.0.0, fault address 0x001329c5.

Error - 11/21/2009 1:47:36 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application utherverse.exe, version 0.0.0.0, faulting module
utherverse.exe, version 0.0.0.0, fault address 0x0014e21a.

Error - 11/21/2009 2:00:29 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application utherverse.exe, version 0.0.0.0, faulting module
utherverse.exe, version 0.0.0.0, fault address 0x00132977.

Error - 11/21/2009 2:33:58 AM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/21/2009 2:59:48 AM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2009 7:23:24 PM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application Hoyle Card Games.exe, version 0.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/25/2009 11:43:10 PM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application hon_update.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 3:47:07 PM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3576, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/27/2009 3:40:29 AM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3623, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 12/1/2009 12:32:21 AM | Computer Name = ALEX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6079
seconds with 2040 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/2/2010 3:57:56 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 1/2/2010 3:57:56 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 1/2/2010 3:57:56 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 1/2/2010 3:57:56 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 1/2/2010 4:01:19 AM | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 1/2/2010 4:01:26 AM | Computer Name = ALEX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/2/2010 4:02:30 AM | Computer Name = ALEX | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 1/2/2010 4:02:40 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 1/2/2010 1:55:37 PM | Computer Name = ALEX | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 1/2/2010 1:55:44 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >
OTL logfile created on: 1/2/2010 2:29:16 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Owner.ALEX\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 600.00 Mb Available Physical Memory | 59.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 7.68 Gb Free Space | 14.57% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 0.47 Gb Free Space | 2.52% Space Free | Partition Type: NTFS
Drive E: | 7.82 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner.ALEX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner.ALEX\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\kbdsock.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PCPitstop Scheduling) -- C:\Program Files\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (NetSvc) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)


========== Driver Services (SafeList) ==========

DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (cercsr6) -- C:\WINDOWS\system32\drivers\cercsr6.sys (Adaptec, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.ao...romesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaimc00000001"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.0.464
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: search@searchsettings.com:1.2.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105
FF - prefs.js..keyword.URL: "http://search.yahoo....type=616163&p="


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 14:52:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/30 13:50:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 14:44:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 06:32:10 | 00,000,000 | ---D | M]

[2009/07/01 08:07:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Mozilla\Extensions
[2009/07/01 08:07:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/01 17:44:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions
[2009/07/12 21:46:49 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/11 21:55:31 | 00,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/07/24 00:25:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\toolbar@ask.com
[2009/12/11 21:56:08 | 00,004,546 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\searchplugins\aim-search-1.xml
[2010/01/01 17:44:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/26 11:14:52 | 00,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/10 19:26:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint_.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint__.dll

O1 HOSTS File: (306733 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10560 more lines...
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Owner.ALEX\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1244206027312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1244331204703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/10/09 10:45:45 | 00,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/02 14:19:43 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.ALEX\Desktop\OTL.exe
[2010/01/02 14:08:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ALEX\Application Data\Malwarebytes
[2010/01/02 14:08:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/02 14:08:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/01/02 14:08:37 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/02 14:08:37 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/02 14:07:45 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.ALEX\Desktop\mbam-setup.exe
[2010/01/02 14:07:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/02 14:06:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/02 14:05:53 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Owner.ALEX\Desktop\erunt_setup.exe
[2010/01/02 14:04:50 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner.ALEX\Desktop\SysRestorePoint.exe
[2010/01/02 14:03:03 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Owner.ALEX\Desktop\ATF-Cleaner.exe
[2010/01/02 13:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/01/02 02:57:43 | 00,000,000 | ---D | C] -- C:\!KillBox
[2010/01/02 02:54:52 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Owner.ALEX\Desktop\KillBox.exe
[2010/01/02 02:21:12 | 00,000,000 | ---D | C] -- C:\Program Files\music
[2010/01/02 02:06:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2010/01/02 01:46:09 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.ALEX\Recent
[2010/01/02 01:24:47 | 01,114,112 | ---- | C] (JgmPTVWrsJze) -- C:\WINDOWS\System32\AVR10.exe
[2009/12/24 18:08:02 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/12/23 19:41:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ALEX\My Documents\OneNote Notebooks
[2009/12/19 23:20:45 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/12/19 17:20:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ALEX\Application Data\Blitware
[2009/12/19 17:20:16 | 00,000,000 | ---D | C] -- C:\Program Files\Driver Robot
[2009/12/19 16:57:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ALEX\Local Settings\Application Data\AIM Toolbar
[2009/12/19 16:55:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner.ALEX\My Documents\Dose Files
[2009/12/19 16:55:18 | 00,000,000 | ---D | C] -- C:\Program Files\IDoser v4
[2009/12/11 21:51:23 | 00,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
[2009/12/11 21:51:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/12/11 21:50:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM
[2009/12/11 21:50:29 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2009/12/03 16:10:34 | 00,679,936 | ---- | C] (Generated for JEDI. www.delphi-jedi.org) -- C:\WINDOWS\System32\D3DX81ab.dll
[2009/06/03 19:31:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/06/03 19:31:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/02/23 06:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/02/23 06:33:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/18 17:32:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2008/03/11 21:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2008/03/11 21:43:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback
[2008/03/11 21:42:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2008/03/11 21:42:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2007/03/11 23:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Spyware Terminator
[2007/03/04 17:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2006/12/18 14:34:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2006/08/24 09:38:01 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Application Data\GTek
[2006/07/20 19:17:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/02 14:22:25 | 00,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\roibav.sys
[2010/01/02 14:19:44 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.ALEX\Desktop\OTL.exe
[2010/01/02 14:11:38 | 05,505,024 | -H-- | M] () -- C:\Documents and Settings\Owner.ALEX\NTUSER.DAT
[2010/01/02 14:08:44 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/02 14:07:49 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.ALEX\Desktop\mbam-setup.exe
[2010/01/02 14:06:30 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Desktop\NTREGOPT.lnk
[2010/01/02 14:06:29 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Desktop\ERUNT.lnk
[2010/01/02 14:05:53 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Owner.ALEX\Desktop\erunt_setup.exe
[2010/01/02 14:04:50 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner.ALEX\Desktop\SysRestorePoint.exe
[2010/01/02 14:03:03 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Owner.ALEX\Desktop\ATF-Cleaner.exe
[2010/01/02 14:01:00 | 00,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/01/02 13:53:57 | 00,001,992 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Desktop\HiJackThis.lnk
[2010/01/02 13:53:38 | 01,401,344 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Desktop\HijackThis.msi
[2010/01/02 13:00:19 | 47,347,487 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/02 12:57:42 | 01,114,112 | ---- | M] (JgmPTVWrsJze) -- C:\WINDOWS\System32\AVR10.exe
[2010/01/02 12:57:35 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2010/01/02 12:56:38 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2010/01/02 12:56:13 | 00,215,601 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/02 12:55:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/02 12:55:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/02 03:35:57 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner.ALEX\Local Settings\Application Data\IconCache.db
[2010/01/02 03:11:29 | 00,383,836 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Desktop\smitRem.exe
[2010/01/02 03:01:28 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner.ALEX\ntuser.ini
[2010/01/02 02:54:52 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Owner.ALEX\Desktop\KillBox.exe
[2010/01/02 02:33:29 | 00,000,150 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Desktop\EnableTaskManager.reg
[2010/01/02 01:50:18 | 00,000,419 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/02 01:50:18 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini
[2010/01/01 18:15:39 | 00,128,265 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/01 17:16:08 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/30 12:42:41 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/25 03:48:36 | 00,010,075 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\My Documents\Jan.docx
[2009/12/23 19:41:52 | 00,000,947 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/12/19 17:20:32 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/12/18 15:25:08 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Desktop\CCleaner.lnk
[2009/12/16 22:15:13 | 00,194,514 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\My Documents\Adams song.docx
[2009/12/16 21:51:07 | 00,010,677 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\My Documents\Song List.docx
[2009/12/15 21:04:00 | 00,012,837 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\My Documents\From the years 1991 to 1996 the country of Australia was ruled under the Prime Minister Paul John Keating.docx
[2009/12/15 21:03:51 | 00,511,758 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\My Documents\Australia.pptx
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Desktop\gmer.exe
[2009/12/14 22:18:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/11 21:50:56 | 00,004,063 | -H-- | M] () -- C:\IPH.PH
[2009/12/11 21:50:50 | 00,001,574 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AIM.lnk
[2009/12/03 16:10:15 | 00,001,616 | ---- | M] () -- C:\Documents and Settings\Owner.ALEX\Desktop\WC3Banlist.lnk
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/02 14:22:25 | 00,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\roibav.sys
[2010/01/02 14:19:20 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Desktop\gmer.exe
[2010/01/02 14:08:44 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/02 14:06:30 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Desktop\NTREGOPT.lnk
[2010/01/02 14:06:29 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Desktop\ERUNT.lnk
[2010/01/02 13:53:57 | 00,001,992 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Desktop\HiJackThis.lnk
[2010/01/02 13:53:37 | 01,401,344 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Desktop\HijackThis.msi
[2010/01/02 03:11:28 | 00,383,836 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Desktop\smitRem.exe
[2010/01/02 02:48:11 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\winhelper86.dll
[2010/01/02 02:33:12 | 00,000,150 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Desktop\EnableTaskManager.reg
[2010/01/02 01:50:18 | 00,000,419 | ---- | C] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/02 01:50:18 | 00,000,100 | ---- | C] () -- C:\WINDOWS\System32\flags.ini
[2010/01/02 01:24:15 | 00,002,854 | ---- | C] () -- C:\WINDOWS\System32\critical_warning.html
[2009/12/25 03:48:31 | 00,010,075 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\My Documents\Jan.docx
[2009/12/23 19:41:52 | 00,000,947 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/12/21 21:22:13 | 50,401,488 | ---- | C] () -- C:\Program Files\Peyote.mp3
[2009/12/21 20:56:17 | 64,801,644 | ---- | C] () -- C:\Program Files\Marijuana.mp3
[2009/12/19 17:20:31 | 00,000,354 | ---- | C] () -- C:\WINDOWS\tasks\Driver Robot.job
[2009/12/16 21:51:06 | 00,010,677 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\My Documents\Song List.docx
[2009/12/15 21:03:55 | 00,012,837 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\My Documents\From the years 1991 to 1996 the country of Australia was ruled under the Prime Minister Paul John Keating.docx
[2009/12/15 21:03:44 | 00,511,758 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\My Documents\Australia.pptx
[2009/12/15 07:33:52 | 00,194,514 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\My Documents\Adams song.docx
[2009/12/11 21:50:50 | 00,001,574 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\AIM.lnk
[2009/12/03 16:10:15 | 00,001,616 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Desktop\WC3Banlist.lnk
[2009/10/07 14:53:00 | 00,000,318 | ---- | C] () -- C:\WINDOWS\WPE PRO - modified.INI
[2009/07/20 09:42:42 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Local Settings\Application Data\fusioncache.dat
[2009/06/10 19:08:14 | 00,014,336 | ---- | C] () -- C:\Documents and Settings\Owner.ALEX\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/07 06:43:54 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/05 07:30:03 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2009/05/28 11:41:40 | 04,472,538 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2009/05/25 11:38:22 | 00,830,004 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2009/05/17 18:37:12 | 00,557,469 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/04/21 11:38:32 | 00,328,334 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2009/04/21 11:08:22 | 00,425,040 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/04/21 10:54:54 | 00,146,098 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/04/21 10:52:08 | 00,828,029 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/02 09:23:32 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2009/04/02 09:21:50 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/18 15:56:20 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/03/18 15:56:20 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/03/18 15:56:17 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/03/18 15:56:12 | 01,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/03/02 11:19:36 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2009/03/02 11:19:30 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2009/03/02 11:19:14 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2009/03/02 11:18:46 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2009/03/02 11:18:32 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2009/03/02 11:18:28 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2009/03/02 11:18:18 | 00,486,400 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2009/01/10 17:17:32 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/01/10 17:16:56 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/01/10 17:16:50 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/01/10 17:16:14 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/01/10 17:15:54 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/01/10 17:15:44 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2009/01/10 17:15:32 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/01/10 17:15:28 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/01/10 17:15:12 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/01/10 17:14:08 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/01/10 17:14:06 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2008/12/03 17:11:50 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/06 11:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 11:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/11/06 15:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/10/13 04:30:20 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/07/10 12:10:12 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest

========== LOP Check ==========

[2009/12/11 21:50:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM
[2009/06/05 21:18:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AIM Toolbar
[2009/12/19 16:57:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
[2009/09/01 21:30:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverScanner
[2009/07/24 00:56:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Drivers HeadQuarters
[2009/07/24 00:25:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PCPitstop
[2009/07/24 00:51:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2009/06/05 21:18:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
[2009/09/01 21:28:18 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2009/09/11 05:54:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/05 21:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/01 21:35:04 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/09/01 21:27:11 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2009/06/11 13:43:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\acccore
[2009/12/19 17:20:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Blitware
[2009/06/11 13:40:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Dealio
[2009/11/24 17:21:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\GetRightToGo
[2010/01/01 14:08:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\godzHell
[2009/11/24 18:14:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Hoyle Blackjack
[2009/11/24 18:16:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Hoyle Card Games
[2009/11/24 17:32:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Hoyle FaceCreator
[2009/12/15 21:02:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\LimeWire
[2009/06/11 13:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Search Settings
[2009/07/24 00:36:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\SystemRequirementsLab
[2009/09/01 21:35:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Uniblue
[2009/11/21 00:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Utherverse
[2010/01/02 01:34:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\uTorrent
[2009/06/11 14:26:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner.ALEX\Application Data\Viewpoint
[2009/12/19 17:20:32 | 00,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2010/01/02 14:01:00 | 00,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:C5760A8B
< End of report >

#4 oldman960

Posted 02 January 2010 - 02:12 PM

Hi shad0ws,

Your system has been infected by one or more Trojans with keylogger abilities.

Trojan.Nuklus is a keylogger that can contact a remote server in order to download additional components onto the infected computer, and will attempt to steal the user's passwords in order to take control of the infected computer.
http://www.threatexp...28cb35d0f46512b

It's very possible that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing rootkits. While we can attempt to clean what we see in your logs, we cannot guarantee that your computer will be completely in the clear since we have no way of knowing what has been done to the computer. Your computer could be completely compromised at this moment. It may be prudent to back up your information, reformat, and reinstall.

More information on Remote Access Trojans can be found here.

I strongly suggest you do the following immediately:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

If, however, you decide that the computer is not used for any sensitive work, or if you do not wish to reformat at this time, I can help you clean your computer to the best of my abilities. I must remind you that I cannot guarantee that your computer will be completely clean afterwards since we have no way of knowing what has been done to it.

To help you make your decision, here are a few related articles that I suggest you read:

------------------------------------------------------

Should you wish to continue cleaning this computer or are unable to reformat and reinstall, I will give you the next set of instructions.

You have a couple of questionable toolbars installed, Ask and Dealio. Do you actually use them?

Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
[code=auto:0]
:OTL
IE - HKCU\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: *E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2010/01/02 01:24:47 | 01,114,112 | ---- | C] (JgmPTVWrsJze) -- C:\WINDOWS\System32\AVR10.exe
[2010/01/02 14:22:25 | 00,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\roibav.sys
[2010/01/02 12:57:35 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll
[2010/01/02 12:56:38 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html
[2010/01/02 01:50:18 | 00,000,419 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat
[2010/01/02 01:50:18 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini

:Services

:Reg

:Files

:Commands
[CREATERESTOREPOINT]
[emptytemp]

[/code]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.


Next


Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Please post back with
  • OTL fix log
  • combofix log
How is the computer?

Thanks

#5 shad0ws

Posted 02 January 2010 - 03:44 PM

I do not use Ask or Dealio and I have no clue what Dealio is. The "your system is infected" background is gone and I have been able to change it back to what it was originally. And my problem of being redirected to a different page when clicking a link has been fixed. I don't know about any problem yet but I will provide the logs.



All processes killed
Error: Unable to interpret <OTL> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: *{03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: *03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: *54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: *CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: *E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1> in the current context!
Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1> in the current context!
Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1> in the current context!
Error: Unable to interpret <[2010/01/02 01:24:47 | 01,114,112 | ---- | C] (JgmPTVWrsJze) -- C:\WINDOWS\System32\AVR10.exe> in the current context!
Error: Unable to interpret <[2010/01/02 14:22:25 | 00,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\roibav.sys> in the current context!
Error: Unable to interpret <[2010/01/02 12:57:35 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\winhelper86.dll> in the current context!
Error: Unable to interpret <[2010/01/02 12:56:38 | 00,002,854 | ---- | M] () -- C:\WINDOWS\System32\critical_warning.html> in the current context!
Error: Unable to interpret <[2010/01/02 01:50:18 | 00,000,419 | ---- | M] () -- C:\WINDOWS\System32\uses32.dat> in the current context!
Error: Unable to interpret <[2010/01/02 01:50:18 | 00,000,100 | ---- | M] () -- C:\WINDOWS\System32\flags.ini> in the current context!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
Restore point Set: OTL Restore Point (64424509440)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 15076652 bytes

User: AlexC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 96636110 bytes
->Apple Safari cache emptied: 1090668 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 37824949 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 15328879 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner

User: Owner.ALEX
->Temp folder emptied: 43870 bytes
->Temporary Internet Files folder emptied: 3848975 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 56713294 bytes

User: OWNER~1~ALE

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 102417 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10940482 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 229.00 mb


OTL by OldTimer - Version 3.1.20.1 log created on 01022010_160903

Files\Folders moved on Reboot...




ComboFix 10-01-02.01 - Owner 01/02/2010 16:27:02.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.528 [GMT -5:00]
Running from: c:\documents and settings\Owner.ALEX\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\AlexC\Application Data\020000005107b522573C.manifest
c:\documents and settings\AlexC\Application Data\020000005107b522573O.manifest
c:\documents and settings\AlexC\Application Data\020000005107b522573P.manifest
c:\documents and settings\AlexC\Application Data\020000005107b522573S.manifest
c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}
c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}\chrome.manifest
c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}\chrome\content\_cfg.js
c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}\chrome\content\c.js
c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}\chrome\content\overlay.xul
c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}\install.rdf
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\MicPhone
c:\program files\PlayMP3z
c:\program files\PlayMP3z\PlayMP3.exe
c:\program files\PlayMP3z\uninstall.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb128\SearchSettings.dll
c:\program files\Search Settings\kb128\SearchSettingsRes409.dll
c:\program files\Search Settings\SearchSettings.exe
c:\recycler\S-1-5-21-2344262563-4185845895-1544926713-1006
c:\windows\system32\drivers\1028_DELL_XPS_Dell DE051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DE051 .MRK
c:\windows\system32\lowsec
C:\xcrashdump.dat
D:\install.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2010-01-02 19:06 . 2010-01-02 19:06 -------- d-----w- c:\program files\ERUNT
2010-01-02 18:53 . 2010-01-02 18:53 388096 ----a-r- c:\documents and settings\Owner.ALEX\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-02 18:53 . 2010-01-02 18:53 -------- d-----w- c:\program files\TrendMicro
2010-01-02 07:57 . 2010-01-02 07:57 -------- d-----w- C:\!KillBox
2010-01-02 07:21 . 2010-01-02 07:21 -------- d-----w- c:\program files\music
2010-01-02 07:06 . 2010-01-02 07:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-12-24 23:08 . 2010-01-02 06:59 -------- d-----w- c:\program files\Steam
2009-12-20 04:20 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-19 22:20 . 2009-12-19 22:20 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Blitware
2009-12-19 22:20 . 2009-12-19 22:20 -------- d-----w- c:\program files\Driver Robot
2009-12-19 21:57 . 2009-09-02 15:58 1107200 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-12-19 21:57 . 2009-12-19 21:57 -------- d-----w- c:\documents and settings\Owner.ALEX\Local Settings\Application Data\AIM Toolbar
2009-12-19 21:55 . 2009-12-19 22:08 -------- d-----w- c:\program files\IDoser v4
2009-12-12 02:51 . 2009-12-12 02:51 -------- d-----w- c:\program files\AIM Toolbar
2009-12-12 02:51 . 2009-12-12 02:51 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-12-12 02:50 . 2009-12-12 02:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AIM
2009-12-12 02:50 . 2009-12-12 02:50 -------- d-----w- c:\program files\AIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Malwarebytes
2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-02 07:50 . 2009-06-28 20:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2010-01-02 06:34 . 2009-06-07 11:54 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\uTorrent
2010-01-01 23:43 . 2009-06-07 16:14 -------- d-----w- c:\program files\Warcraft III
2010-01-01 19:08 . 2009-07-29 14:09 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\godzHell
2009-12-30 19:55 . 2010-01-02 19:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:54 . 2010-01-02 19:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 21:57 . 2009-10-07 19:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2009-12-19 21:02 . 2009-08-09 03:00 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-16 02:02 . 2009-06-15 02:10 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\LimeWire
2009-12-15 21:38 . 2009-06-12 23:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-12-03 21:30 . 2009-06-07 11:44 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Ventrilo
2009-12-03 21:17 . 2009-07-14 02:35 -------- d-----w- c:\program files\DotA Gaming Network
2009-12-03 21:10 . 2008-04-26 21:23 -------- d-----w- c:\program files\WC3Banlist
2009-11-24 23:16 . 2009-11-24 22:31 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle Card Games
2009-11-24 23:14 . 2009-11-24 22:33 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle Blackjack
2009-11-24 22:32 . 2009-11-24 22:31 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle FaceCreator
2009-11-24 22:21 . 2009-07-24 05:56 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\GetRightToGo
2009-11-24 22:16 . 2009-11-24 22:16 -------- d-----w- c:\program files\Encore
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 05:26 . 2009-11-21 05:26 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Utherverse
2009-11-21 04:38 . 2009-11-21 04:38 -------- d-----w- c:\program files\Utherverse Digital Inc
2009-11-19 16:48 . 2009-12-01 03:26 872960 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 16:48 . 2009-12-01 03:26 43008 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 16:48 . 2009-12-01 03:26 340480 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 16:48 . 2009-12-01 03:26 346624 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-15 03:14 . 2009-08-05 15:27 -------- d-----w- c:\program files\Google
2009-11-14 20:35 . 2009-07-19 15:43 -------- d-----w- c:\program files\Safari
2009-11-14 20:29 . 2009-11-14 20:29 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-14 20:26 . 2009-04-12 13:27 -------- d-----w- c:\program files\iTunes
2009-11-14 20:22 . 2009-04-12 13:28 -------- d-----w- c:\program files\iPod
2009-11-14 20:06 . 2009-11-14 20:06 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 02:15 . 2009-06-04 22:24 28264 ----a-w- c:\documents and settings\Owner.ALEX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
2007-02-25 22:22 . 2009-12-22 02:22 50401488 ----a-w- c:\program files\Peyote.mp3
2007-02-25 22:18 . 2009-12-22 01:56 64801644 ----a-w- c:\program files\Marijuana.mp3
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-06 22:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-18 13680640]
"nwiz"="nwiz.exe" [2009-03-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-18 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

c:\documents and settings\Owner.ALEX\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 12:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\ [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-12-12 02:32 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
2009-06-08 14:51 1934336 ----a-w- c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-12-19 03:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 18:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 15:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
2008-08-26 16:48 2019624 ----a-w- c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC]
2009-04-29 09:45 614696 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=3 (0x3)
"TmPfw"=3 (0x3)
"TMBMServer"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LC\\pickup.listchecker.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\GHostOne\\GHostOne.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:warcraft III
"6112:UDP"= 6112:UDP:warcraft III

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2009 3:53 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/28/2009 3:53 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/28/2009 3:52 PM 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/5/2009 9:18 PM 10384]
S0 cmarovc;cmarovc;c:\windows\system32\drivers\roibav.sys --> c:\windows\system32\drivers\roibav.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [7/24/2009 12:23 AM 85504]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/5/2009 9:18 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-12-19 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-19 22:29]

2010-01-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-06 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users.WINDOWS\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - component: c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint__.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 16:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-01-02 16:38:31
ComboFix-quarantined-files.txt 2010-01-02 21:38

Pre-Run: 8,294,400,000 bytes free
Post-Run: 8,253,771,776 bytes free

- - End Of File - - 555BEE2596566EC58473EAC0D13C2922

#6 oldman960

Posted 02 January 2010 - 05:09 PM

Hi shad0ws,

You seemed to have missed the : at the beginning of the OTL fix. That's ok, combofix got most of it along with the Dealio toolbar.

If you don't want the Ask Toolbar, click your start button > Control Panel > Add/Remove programs and uninstall

Ask Toolbar


While you are in there, you may want to consider this:

LimeWire and uTorrent
You have LimeWire and uTorrent, P2P/file sharing programs installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. It's not the programs themselves that are the problem, but what can be downloaded with them, usually from an unknown source.

References for the risk of these programs can be found in these links:
http://www.microsoft...protection.mspx

http://www.internetw...cles/art053.htm

I would recommend that you uninstall LimeWire and uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

File::
C:\WINDOWS\System32\AVR10.exe
C:\WINDOWS\System32\drivers\roibav.sys
C:\WINDOWS\System32\winhelper86.dll
C:\WINDOWS\System32\uses32.dat
C:\WINDOWS\System32\flags.ini

Driver::
cmarovc

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Posted Image


Next

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please post back with
  • combofix log
  • MBAM log
Thanks
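
A check that can be run once the CFScript step above has finished, added here as an example (it is not part of the original post and not ComboFix's own code): it parses the script's File:: and Driver:: targets and confirms from the follow-up log that the targeted driver is no longer registered. The follow-up log excerpt is constructed, and the reading of the R/S prefix and start-type digit on service lines is an assumption about the log format.

```python
import re
from typing import NamedTuple

# CFScript exactly as given in the post above.
CFSCRIPT = r"""File::
C:\WINDOWS\System32\AVR10.exe
C:\WINDOWS\System32\drivers\roibav.sys
C:\WINDOWS\System32\winhelper86.dll
C:\WINDOWS\System32\uses32.dat
C:\WINDOWS\System32\flags.ini

Driver::
cmarovc
"""

# Driver/service lines excerpted from the first ComboFix log in this thread.
LOG_BEFORE = r"""R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/5/2009 9:18 PM 10384]
S0 cmarovc;cmarovc;c:\windows\system32\drivers\roibav.sys --> c:\windows\system32\drivers\roibav.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
"""

# Constructed follow-up excerpt (sample data in the same line formats).
LOG_AFTER = r"""-------\Service_cmarovc
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/5/2009 9:18 PM 10384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""


class Service(NamedTuple):
    running: bool       # assumption: R = running, S = stopped at scan time
    start_type: int     # assumption: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    image: str          # image path as logged, lower-cased
    info_missing: bool  # log shows [?] where date and size normally appear


SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*) \[([^\]]*)\]\s*$")
DELETED_RE = re.compile(r"^-+\\Service_(\S+)\s*$")
DIRECTIVE_RE = re.compile(r"^(\w+)::\s*$")


def parse_cfscript(text):
    """Return {directive: [entries]} with names and paths lower-cased."""
    directives, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            current = directives.setdefault(m.group(1).lower(), [])
        elif current is not None:
            current.append(line.strip('"').lower())
    return directives


def parse_services(log):
    """Return {service name (lower-cased): Service} for every driver/service line."""
    services = {}
    for raw in log.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        state, start, name, _display, image, info = m.groups()
        image = image.split(" --> ")[0].strip().lower()
        services[name.lower()] = Service(
            state == "R", int(start), name, image, info.strip() == "?")
    return services


def deleted_services(log):
    """Names the log reports as removed (lines of the form -------\\Service_<name>)."""
    found = (DELETED_RE.match(line.strip()) for line in log.splitlines())
    return {m.group(1).lower() for m in found if m}


def verify_fix(script, before, after):
    """Compare the script's targets with the before and after logs."""
    targets = parse_cfscript(script)
    drivers = set(targets.get("driver", []))
    files = set(targets.get("file", []))
    was, now = parse_services(before), parse_services(after)
    removed = deleted_services(after)
    return {
        # Target never seen in the earlier log: likely a typo in the script.
        "not_in_before": sorted(d for d in drivers if d not in was),
        # Target still registered after the run: the fix did not take.
        "still_listed": sorted(d for d in drivers if d in now),
        "reported_deleted": sorted(d for d in drivers if d in removed),
        # Any remaining service whose image is one of the files to delete.
        "services_on_target_files": sorted(
            s.name for s in now.values() if s.image in files),
        # [?] entries left over; these need a manual look, not automatic removal.
        "unreadable_images": sorted(s.name for s in now.values() if s.info_missing),
    }


if __name__ == "__main__":
    for key, value in verify_fix(CFSCRIPT, LOG_BEFORE, LOG_AFTER).items():
        print(f"{key}: {value}")
```
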

#7 shad0ws


Posted 02 January 2010 - 08:04 PM

At the end of the MBAM log, where it says no action taken, it was before I removed them, so they are dealt with.


ComboFix 10-01-02.01 - Owner 01/02/2010 20:23:39.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.557 [GMT -5:00]
Running from: c:\documents and settings\Owner.ALEX\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.ALEX\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\System32\AVR10.exe"
"c:\windows\System32\drivers\roibav.sys"
"c:\windows\System32\flags.ini"
"c:\windows\System32\uses32.dat"
"c:\windows\System32\winhelper86.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_cmarovc


((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 )))))))))))))))))))))))))))))))
.

2010-01-02 20:30 . 2010-01-02 20:30 -------- d-----w- C:\_OTL
2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Malwarebytes
2010-01-02 19:08 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-02 19:08 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 19:06 . 2010-01-02 19:06 -------- d-----w- c:\program files\ERUNT
2010-01-02 18:53 . 2010-01-02 18:53 -------- d-----w- c:\program files\TrendMicro
2010-01-02 07:57 . 2010-01-02 07:57 -------- d-----w- C:\!KillBox
2010-01-02 07:21 . 2010-01-02 07:21 -------- d-----w- c:\program files\music
2010-01-02 07:06 . 2010-01-02 07:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-12-24 23:08 . 2010-01-02 06:59 -------- d-----w- c:\program files\Steam
2009-12-20 04:20 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-19 22:20 . 2009-12-19 22:20 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Blitware
2009-12-19 22:20 . 2009-12-19 22:20 -------- d-----w- c:\program files\Driver Robot
2009-12-19 21:57 . 2009-12-19 21:57 -------- d-----w- c:\documents and settings\Owner.ALEX\Local Settings\Application Data\AIM Toolbar
2009-12-19 21:55 . 2009-12-19 22:08 -------- d-----w- c:\program files\IDoser v4
2009-12-12 02:51 . 2009-12-12 02:51 -------- d-----w- c:\program files\AIM Toolbar
2009-12-12 02:51 . 2009-12-12 02:51 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-12-12 02:50 . 2009-12-12 02:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AIM
2009-12-12 02:50 . 2009-12-12 02:50 -------- d-----w- c:\program files\AIM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 18:53 . 2010-01-02 18:53 388096 ----a-r- c:\documents and settings\Owner.ALEX\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-02 07:50 . 2009-06-28 20:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8
2010-01-02 06:34 . 2009-06-07 11:54 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\uTorrent
2010-01-01 23:43 . 2009-06-07 16:14 -------- d-----w- c:\program files\Warcraft III
2010-01-01 19:08 . 2009-07-29 14:09 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\godzHell
2009-12-19 21:57 . 2009-10-07 19:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar
2009-12-19 21:02 . 2009-08-09 03:00 -------- d-----w- c:\program files\Heroes of Newerth
2009-12-16 02:02 . 2009-06-15 02:10 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\LimeWire
2009-12-15 21:38 . 2009-06-12 23:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-12-03 21:30 . 2009-06-07 11:44 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Ventrilo
2009-12-03 21:17 . 2009-07-14 02:35 -------- d-----w- c:\program files\DotA Gaming Network
2009-12-03 21:10 . 2008-04-26 21:23 -------- d-----w- c:\program files\WC3Banlist
2009-11-24 23:16 . 2009-11-24 22:31 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle Card Games
2009-11-24 23:14 . 2009-11-24 22:33 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle Blackjack
2009-11-24 22:32 . 2009-11-24 22:31 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle FaceCreator
2009-11-24 22:21 . 2009-07-24 05:56 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\GetRightToGo
2009-11-24 22:16 . 2009-11-24 22:16 -------- d-----w- c:\program files\Encore
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 05:26 . 2009-11-21 05:26 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Utherverse
2009-11-21 04:38 . 2009-11-21 04:38 -------- d-----w- c:\program files\Utherverse Digital Inc
2009-11-19 16:48 . 2009-12-01 03:26 872960 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 16:48 . 2009-12-01 03:26 43008 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 16:48 . 2009-12-01 03:26 340480 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 16:48 . 2009-12-01 03:26 346624 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-15 03:14 . 2009-08-05 15:27 -------- d-----w- c:\program files\Google
2009-11-14 20:35 . 2009-07-19 15:43 -------- d-----w- c:\program files\Safari
2009-11-14 20:29 . 2009-11-14 20:29 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2009-11-14 20:26 . 2009-04-12 13:27 -------- d-----w- c:\program files\iTunes
2009-11-14 20:22 . 2009-04-12 13:28 -------- d-----w- c:\program files\iPod
2009-11-14 20:06 . 2009-11-14 20:06 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 07:45 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 02:15 . 2009-06-04 22:24 28264 ----a-w- c:\documents and settings\Owner.ALEX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll
2007-02-25 22:22 . 2009-12-22 02:22 50401488 ----a-w- c:\program files\Peyote.mp3
2007-02-25 22:18 . 2009-12-22 01:56 64801644 ----a-w- c:\program files\Marijuana.mp3
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-06 22:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-18 13680640]
"nwiz"="nwiz.exe" [2009-03-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-18 86016]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

c:\documents and settings\Owner.ALEX\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 12:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
\Program\ [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2009-12-12 02:32 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient]
2009-06-08 14:51 1934336 ----a-w- c:\program files\Curse\CurseClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-12-19 03:42 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2008-04-14 00:12 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 18:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 15:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
2008-08-26 16:48 2019624 ----a-w- c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC]
2009-04-29 09:45 614696 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"tmproxy"=3 (0x3)
"TmPfw"=3 (0x3)
"TMBMServer"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"iPod Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LC\\pickup.listchecker.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\GHostOne\\GHostOne.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6112:TCP"= 6112:TCP:warcraft III
"6112:UDP"= 6112:UDP:warcraft III

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2009 3:53 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/28/2009 3:53 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/28/2009 3:52 PM 297752]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/5/2009 9:18 PM 10384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [7/24/2009 12:23 AM 85504]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/5/2009 9:18 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-12-19 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-19 22:29]

2010-01-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-05-06 22:11]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &AIM Toolbar Search - c:\documents and settings\All Users.WINDOWS\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p=
FF - component: c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint__.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 20:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-02 20:42:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-03 01:42
ComboFix2.txt 2010-01-02 21:38

Pre-Run: 8,188,329,984 bytes free
Post-Run: 8,073,711,616 bytes free

- - End Of File - - 6E4450EAB7ED045CF4BFFB70D082E0B1


Malwarebytes' Anti-Malware 1.43
Database version: 3484
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/2/2010 9:00:00 PM
mbam-log-2010-01-02 (20-59-56).txt

Scan type: Quick Scan
Objects scanned: 163940
Time elapsed: 11 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\BestShoppingTipsProgram (Adware.PlayMP3z) -> No action taken.

Files Infected:
C:\Program Files\BestShoppingTipsProgram\uninstall.exe (Adware.PlayMP3z) -> No action taken.

#8 oldman960

Posted 03 January 2010 - 02:16 AM

Hi shad0ws,

Your Java is out of date. Click your Start button, open Control Panel.
  • Locate the Java icon (it looks like a coffee cup)
  • Double-click it to open it
  • Click the Update tab
  • Click Update Now

After Java is updated, reboot your computer if not prompted to.

Next, clear the Java cache

To clear the Java Plug-in cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • On the General tab, Click Settings under Temporary Internet Files.
  • On the Temporary Files Settings screen, Click Delete Files.
  • Check all boxes
  • Click OK

One more scan to check our work.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Change the Files of type to Text file (.txt)
  • Set the Save In to Desktop
  • Click the Save button.
  • Please post this log in your next reply.

Please post back with
  • Kaspersky log
Thanks

#9 shad0ws

Posted 03 January 2010 - 02:22 PM

Hi, I started the online scan but it froze around 1 hour and 30 minutes. It had 7 threats found and 500+ suspicious objects found. I just restarted the scan and was wondering if it would have taken that long.

#10 oldman960

Posted 03 January 2010 - 07:02 PM

Hi shad0ws, Yes, that scan can take a fair amount of time but it is well worth it. I've seen them take 10+ hours. Sit back, relax, take it easy. Sometimes it looks like it has frozen when in fact it is scanning a large file.

#11 shad0ws

Posted 03 January 2010 - 08:09 PM

Ok, after 4 hours here's the report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, January 3, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, January 03, 2010 19:42:48
Records in database: 3364831
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 137318
Threats found: 10
Infected objects found: 1017
Suspicious objects found: 0
Scan duration: 04:17:57
Downloads\triton_suite_install_6.0.28.1\html\ProductDetected.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\RebootPending.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\tos.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\avg8\update\backup\contacts_us.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\faqs\122779.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\blank.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\closeapp.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\delitem.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\download.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\moreinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\noitems.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application 
Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\senddata.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\statinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\survey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\wait.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\agent_infolet_exe.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\agent_infolet_exe1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\agent_infolet_link.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\agent_infolet_survey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\silent_update.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\offline\696.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\offline\697.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\offline\privacy_policy.htm Infected: 
Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\PC_Recovery\1055856.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\PC_Recovery\1083341.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\PC_Recovery\1090152.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\PC_Recovery\1091713.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\PC_Recovery\1092188.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\122779.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\696.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\697.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1026016.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1055890.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1065237.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1073964.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application 
Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1073993.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1074250.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1077154.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\modem_helper_sp2\Modem_Helper_XP_SP2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\PA1089329.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\PA1090384.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\PA1090493.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\pc_recovery\1055856.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\pc_recovery\1083341.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\pc_recovery\1090152.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\pc_recovery\1091713.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\pc_recovery\1092188.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application 
Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\RA1055974.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1055646.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1055856.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1056916.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1066822.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1078218.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1082421.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1088799.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1090151.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\wireless.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\html\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\blank.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All 
Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\closeapp.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\delitem.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\download.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\moreinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\noitems.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\senddata.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\statinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\survey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\wait.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\agent_infolet_link.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\silent_update.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and 
Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\blank.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\closeapp.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\delitem.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\download.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\moreinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\noitems.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\senddata.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\statinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\survey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\wait.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\item_templ\agent_infolet_link.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and 
Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C\air-zoom.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C\back-freeze.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C\menucast.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C\play-pause.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C\vol-mute.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\autoscroll.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\documentflip.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\keystrokes.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\media.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\search.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\universalscroll.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\volume.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application 
Data\Logitech\SetPoint\Devices\PointingDevice\100006D\zoom.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\MAGIX\Common\Online Services Info\index_0409.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\MAGIX\Common\Online Services Info\reminder1_0409.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\McAfee\HackerWatch\sum_04_hw.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\PickGame.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\Owner.ALEX\My Documents\LimeWire\Saved\dionne warwick i love paris(1).wma Infected: Trojan-Downloader.WMA.Wimad.y 1 C:\Documents and Settings\Owner.ALEX\My Documents\LimeWire\Saved\Dionne Warwick i Love Paris(2).wma Infected: Trojan.Win32.StartPage.ehg 1 C:\Documents and Settings\Owner.ALEX\My Documents\LimeWire\Saved\dionne warwick i love paris.wma Infected: Trojan-Downloader.WMA.GetCodec.ah 1 C:\Documents and Settings\Owner.ALEX\My Documents\LimeWire\Saved\im a crip.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1 C:\i386\actconn.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\actdone.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\acterror.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\activ.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\activate.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\activerr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\activsvc.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\actlan.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\actshell.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\act_plcy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\adeskerr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\adrdyreg.htm Infected: 
Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\apolicy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\aprvcyms.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\areg1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\aregdial.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\aregdone.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\autoupdt.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\au_plcy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\badeula.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\badpkey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\BYOA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ciadmin.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\cnncterr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\3COM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\AACRAID.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ACER640P.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ACLIENT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ACS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ADAPTEC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ADMPKW2K.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ADMPKXP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\AHA8940.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\AICDRV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ALKB2K.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ALPSPRT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\APFILTR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\APMERROR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ARTCAS6E.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ASSETCI.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ATGUARD.HTM Infected: 
Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ATKPROTO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\AVPGATEK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\AWARD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\BAYMAN.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\BLACKICE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\BOSERROR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CALCOMP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CANO620P.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CANOS100.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CARDEXEC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CDR4VSD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CERTSRV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CIC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CIMGR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CISCOACU.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CLDVD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CLTMGR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CNBJ51.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CNMULTI1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQDIAGC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQIJ.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQKBD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQMULTI.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQPNPMG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQPWREX.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPUFEAT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CRASHMON.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 
C:\i386\COMPDATA\CRUISE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CRYSTAL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CS4281.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CSA64XX.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CSMIGRAT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CSREM32.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CTZ_CRDL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DAYT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DECATAPI.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DECML.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DELLPS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DELLTH.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DELPERC2.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DIRECTCD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DLCPROTO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DMIBIOS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DOCK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DOCKSVC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DRVNCDB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DSMU.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DV_COMP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DV_GEN.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DWRITE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EICONTA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ELSAMX.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ENSONIQV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ENSQAUDM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSCOLOR.HTM Infected: 
Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSON1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSON3.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSON4.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSP1270.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSPHOTO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EXCHANGE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FAZAM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FIDMOU.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FLOWCH7.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FTCOMP1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FTCOMP2.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FTCOMP3.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\GENERIC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\GENIUS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\GLINT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\GSNW.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HALHOOK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HDMIB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HDMON.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HERCULES.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HP3300C.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HP4050P6.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HP4300C.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HP5300C.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPAIO1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPAIO2.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPCLJ450.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPCLJ850.HTM 
Files\Java\jre1.6.0_01\Welcome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\jre1.6.0_02\Welcome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\jre1.6.0_03\Welcome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\loading.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\browser.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\InfoCenter.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\Desktop Messenger\8876480\Users\AlexC\Data\browser.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\Desktop Messenger\8876480\Users\AlexC\Data\InfoCenter.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\SetPoint\Readme.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\AccessWeb\CLNTWRAP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsBlankPage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsBrowserUpgrade.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsDoNotTrust.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsHomePage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsPrintTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft 
Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsVersion1Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsBrowserUpgrade.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsColorChart.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsHomePage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsImageTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsMacroTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsPreviewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsPrintTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsVersion1Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsViewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsBlankPage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft 
Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsBrowserUpgrade.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsColorChart.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsFormTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsHomePage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsImageTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsMacroTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsPreviewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsPrintTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsVersion1Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsViewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsBlankPage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsBrowserUpgrade.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsColorChart.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft 
Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsImageTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\INTLBAND.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\OFFISUPP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\PAWPRINT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\PINELUMB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\SEAMARBL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Templates\12\MseNewFileItems\HTMLPAGE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 
C:\Program Files\Trend Micro\TIS16_1610\Setup\MsHotFix\MsHotFix.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\HosFAlt.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\HosFErr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\PDPAlt.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\URLfAlt.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\URLFDang.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\UrlFDnsS.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\UrlFErr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\UrlFPhis.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\URLFScor.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\URLFSusp.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Serial.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\binds.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\channel.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\grptrgcmd.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\grptrgeditor.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\grptrgvoice.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\main.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\rank.htm Infected: 
Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\record.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\server.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setup.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupbinds.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupevents.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupglobal.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupmisc.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupnetwork.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupoverlay.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupspeech.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupvoice.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupvoicetraining.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\sfx.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\srvprop.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\user.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-admin.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-chanadmin.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-chanauth.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-display.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-info.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-network.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-transmit.htm Infected: 
Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Programs\CorelReg\EN\LocalError.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Programs\CorelReg\EN\LocalHome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Programs\CorelReg\EN\LocalLoad.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Programs\Readme.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Programs\UpsellUI\UpsellUI.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Shared\Help\customerservice.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\XML\DTD\XMLNEWS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\_OTL\MovedFiles\01022010_153025\C_WINDOWS\system32\AVR10.exe Infected: Trojan.Win32.FraudPack.ajne 1 C:\_OTL\MovedFiles\01022010_153025\C_WINDOWS\system32\critical_warning.html Infected: Trojan.JS.Hoax.b 1 C:\_OTL\MovedFiles\01022010_153025\C_WINDOWS\system32\winhelper86.dll Infected: Trojan.Win32.Agent.deyu 1 Selected area has been scanned.

#12 oldman960


Posted 04 January 2010 - 12:45 AM

Hi shad0ws,

Some bad news here.

You are infected with a file infector called Virut. This would explain all the infected .htm files. In the middle of that list is this

C:\i386\pxcpya64.exe Infected: Virus.Win32.Virut.ce 1
C:\i386\pxcpyi64.exe Infected: Virus.Win32.Virut.ce 1
C:\i386\pxinsa64.exe Infected: Virus.Win32.Virut.ce 1
C:\i386\pxinsi64.exe Infected: Virus.Win32.Virut.ce 1


This infection can and will infect all the machine's executable files .exe, .scr plus .html and .htm. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

More information can be found here and here.

A Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .htm, .html files.
  • Backup all your documents and important items only.
    data/documents/pictures/movies/songs/etc..
  • DO NOT back up any executable files (.exe, .scr, .html or .htm)
  • Do Not back up compressed files (zip/cab/rar) that may contain .exe or .scr files
  • Reformat and Reinstall as outlined HERE

A CD would be best, but a blank USB device will work. Make sure there aren't any executables on it.

If you are going to use a USB device, I suggest you use a freshly formatted one. After formatting it, use FDD on it before backing anything up.

Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.


Be further advised that these infections may have backdoor capabilities.

I suggest you do the following immediately:
  • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
Feel free to ask any questions, but keep in mind a Reformat is the only way to clean this computer.
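
Added example, not part of oldman960's post: a Python sketch that applies the backup rules listed above to a staging folder before anything is copied to the CD or USB device. The MZ header check, the hold on nested archives and every file name in the sample are assumptions of this example.

```python
import os
import tempfile
import zipfile

# Extensions the post says not to back up.
BLOCKED_EXT = {".exe", ".scr", ".html", ".htm"}
# Held back when found inside a zip: the post's .exe/.scr, plus nested
# archives, which this example does not open (assumption of the example).
BLOCKED_IN_ARCHIVE = {".exe", ".scr", ".zip", ".cab", ".rar"}
# cab/rar cannot be read with the standard library, so they are skipped unread.
UNREADABLE_ARCHIVES = {".cab", ".rar"}


def ext(name):
    return os.path.splitext(name)[1].lower()


def classify(path):
    """Return (decision, reason) for one file in the backup staging folder."""
    e = ext(path)
    if e in BLOCKED_EXT:
        return "skip", "blocked extension " + e
    try:
        with open(path, "rb") as fh:
            magic = fh.read(2)
    except OSError:
        return "skip", "file cannot be read"
    if magic == b"MZ":  # assumption: also catch executables renamed to a data extension
        return "skip", "executable header (MZ) behind " + (e or "no extension")
    if e in UNREADABLE_ARCHIVES:
        return "skip", "archive cannot be inspected"
    if zipfile.is_zipfile(path):  # also true for zip-based documents such as .docx
        try:
            with zipfile.ZipFile(path) as zf:
                bad = sorted(n for n in zf.namelist() if ext(n) in BLOCKED_IN_ARCHIVE)
        except zipfile.BadZipFile:
            return "skip", "archive cannot be inspected"
        if bad:
            return "skip", "archive contains " + ", ".join(bad)
    return "copy", "data file"


def audit(root):
    """Walk the staging folder and return {relative path: (decision, reason)}."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            report[os.path.relpath(full, root).replace(os.sep, "/")] = classify(full)
    return report


def build_sample(root):
    """Constructed sample files; none of them come from the thread."""
    def write(name, data):
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    write("notes.txt", b"shopping list")
    write("Readme.htm", b"<html></html>")
    write("holiday.jpg", b"MZ\x90\x00 not really a picture")
    write("old.rar", b"Rar!\x1a\x07\x00")
    with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
        zf.writestr("beach.png", b"\x89PNG")
    with zipfile.ZipFile(os.path.join(root, "tools.zip"), "w") as zf:
        zf.writestr("bin/Setup.EXE", b"MZ")


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        return audit(root)


if __name__ == "__main__":
    for rel, (decision, reason) in sorted(demo().items()):
        print(f"{decision:4}  {rel}  ({reason})")
```

Only the files marked `copy` belong in the backup; a `skip` is a decision to leave the file behind, not a malware verdict.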

#13 shad0ws


Posted 04 January 2010 - 08:31 PM

Is there any way to back up the drivers so I won't have to find all of them again after the reinstall and format?

#14 oldman960


Posted 04 January 2010 - 09:16 PM

Hi shad0ws, Which drives are you looking to back up?

#15 shad0ws


Posted 04 January 2010 - 09:17 PM

Hopefully as many as I can. I've had to reformat my computer for this same problem and I remember it being a hassle to re-find all my drivers. I was wondering if there was an easier way.


