[Resolved] "your system is infected" wallpaper un removable

Welcome to your place for tech questions! ( Log In or Join today ) Get answers from experts today. (it's 100% free) Virus removal forum

What the Tech > Spyware / Malware / Virus Removal > Virus, Spyware & Malware Removal

2 Pages

1 2 >

[Resolved] "your system is infected" wallpaper un removable

Options

shad0ws View Member Profile	Jan 2 2010, 02:32 AM Post #1
New Member Group: Authentic Member Posts: 11 Joined: 2-January 10 Member No.: 89,660 Operating System: windows xp	Hi, Today i downloaded something i though to be a safe file. And it contained a virus. My avg was unable to delete the infection and now isn't detecting it at all. But i have a unchangeable background that says "YOUR SYSTEM IS INFECTED System has been stopped due to a serious malfunction.Spy ware actively has been detected. It is recommended to use spy ware removal tool to prevent data loss. Do not use the computer before all the spy ware is removed" Also the virus disabled my task manager. I was able to enable it again briefly before i restarted my computer using other advice i found online using "regedit" under the run command. Lastly when ever i try to click a link on Google or any other search site i get linked to a site that says "Reported Attack Site! This web site at c.ppcxml.net has been reported as an attack site and has been blocked based on your security preferences. Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system. Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners." this happened just hours ago and i couldnt find the solution by myself i would really like some help. thanks look forward to getting an email in the future. This post has been edited by shad0ws: Jan 2 2010, 02:34 AM

oldman960 View Member Profile	Jan 2 2010, 01:07 PM Post #2
Forum God Group: Classroom Teacher Posts: 13,817 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro, Win7 Ultimate	Hi , welcome to the forum. To make cleaning this machine easier Please do not uninstall/install any programs unless asked to It is more difficult when files/programs are appearing in/disappearing from the logs. Please do not run any scans other than those requested Please follow all instructions in the order posted All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked. Do not attach any logs/reports, etc.. unless specifically requested to do so. If you have problems with or do not understand the instructions, Please ask before continuing. Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine. NEXT Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan. Download GMER Rootkit Scanner from here or here. Extract the contents of the zipped file to desktop. Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent . If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO. Click the image to enlarge it In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections IAT/EAT Drives/Partition other than Systemdrive (typically C:\) Show All (don't miss this one) Then click the Scan button & wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post. Save it where you can easily find it, such as your desktop, and post it in your next reply. Caution Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries Download OTL to your desktop. Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output Check the boxes beside LOP Check and Purity Check. Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. Please post back with GMER log both OTL logs Thanks

oldman960 View Member Profile	Jan 2 2010, 02:12 PM Post #4
Forum God Group: Classroom Teacher Posts: 13,817 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro, Win7 Ultimate	Hi shad0ws, Your system has been infected by one or more Trojans with keylooger abilities. Trojan.Nuklus is keylogger that can contact a remote server in order to download additional components onto infected computer, and will attempt to steal user's passwords in order to take control of infected computer. http://www.threatexpert.com/report.aspx?md...28cb35d0f46512b Its very possible that anything could have been installed on your computer by the remote attacker, including opening other backdoors and installing rootkits. While we can attempt to clean what we see in your logs, we cannot guarantee that your computer will be completely in the clear since we have no way of knowing that has been done to the computer. Your computer could be completely compromised at this moment. It may be prudent to backup your information, reformat, and reinstall. More information on Remote Access Trojans can be found here. I strongly suggest you do the following immediately: Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to. DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. If, however, you decide that the computer is not used for any sensitive work, or if you do not wish to reformat at this time, I can help you clean your computer to the best of my abilities. I must remind you that i cannot guarantee that your computer will be completely clean afterwards since we have no way of knowing what has been done to it. To help you make your decision, here are a few related articles that i suggest you read: Danger: Remote Access Trojans. When should I re-format? How should I reinstall? How Do I Handle Possible Identify Theft, Internet Fraud and Credit Card Fraud? ------------------------------------------------------ Should you wish to continue cleanin this computer or ar unable to reformat and reinstall, I will give you the next set of instructions. You have a couple of questionable toolbars installed, Ask and Dealio. Do you actually use them? Next, Double click on OTL.exe Under the Custom Scans/Fixes box at the bottom, paste in the following Do Not copy the word CODE please note the fix starts with the : [CODE]:OTL IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: 54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 [2010/01/02 01:24:47 \| 01,114,112 \| ---- \| C] (JgmPTVWrsJze) -- C:\WINDOWS\System32\AVR10.exe [2010/01/02 14:22:25 \| 00,054,016 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\roibav.sys [2010/01/02 12:57:35 \| 00,016,896 \| ---- \| M] () -- C:\WINDOWS\System32\winhelper86.dll [2010/01/02 12:56:38 \| 00,002,854 \| ---- \| M] () -- C:\WINDOWS\System32\critical_warning.html [2010/01/02 01:50:18 \| 00,000,419 \| ---- \| M] () -- C:\WINDOWS\System32\uses32.dat [2010/01/02 01:50:18 \| 00,000,100 \| ---- \| M] () -- C:\WINDOWS\System32\flags.ini :Services :Reg :Files :Commands [CREATERESTOREPOINT] [emptytemp] [CODE] Then click the Run Fix button at the top Let the program run unhindered Please save the resulting log to be posted in your next reply. Next Please read through these instructions to familarize yourself with what to expect when this tool runs Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Notes:** 1.Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. Please post back with OTL fix log combofix log How is the computer? Thanks

shad0ws View Member Profile	Jan 2 2010, 03:44 PM Post #5
New Member Group: Authentic Member Posts: 11 Joined: 2-January 10 Member No.: 89,660 Operating System: windows xp	I do not use ask or Dealio and i have no clue what dealio is. the "your system is infected" back round is gone and i have been able to change it back to what it was origanly. and my problem of being re directed to a diffrent page when clicking a link has been fixed. i dont know about any problem yet but i will provide the logs. All processes killed Error: Unable to interpret <OTL> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: 03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: 54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <IE - HKCU\..\URLSearchHook: E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found> in the current context! Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1> in the current context! Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1> in the current context! Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1> in the current context! Error: Unable to interpret <O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1> in the current context! Error: Unable to interpret <[2010/01/02 01:24:47 \| 01,114,112 \| ---- \| C] (JgmPTVWrsJze) -- C:\WINDOWS\System32\AVR10.exe> in the current context! Error: Unable to interpret <[2010/01/02 14:22:25 \| 00,054,016 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\roibav.sys> in the current context! Error: Unable to interpret <[2010/01/02 12:57:35 \| 00,016,896 \| ---- \| M] () -- C:\WINDOWS\System32\winhelper86.dll> in the current context! Error: Unable to interpret <[2010/01/02 12:56:38 \| 00,002,854 \| ---- \| M] () -- C:\WINDOWS\System32\critical_warning.html> in the current context! Error: Unable to interpret <[2010/01/02 01:50:18 \| 00,000,419 \| ---- \| M] () -- C:\WINDOWS\System32\uses32.dat> in the current context! Error: Unable to interpret <[2010/01/02 01:50:18 \| 00,000,100 \| ---- \| M] () -- C:\WINDOWS\System32\flags.ini> in the current context! ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== Restore point Set: OTL Restore Point (64424509440) [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 15076652 bytes User: AlexC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 96636110 bytes ->Apple Safari cache emptied: 1090668 bytes User: All Users User: All Users.WINDOWS User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User.WINDOWS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 37824949 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->FireFox cache emptied: 15328879 bytes User: LocalService.NT AUTHORITY ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: NetworkService.NT AUTHORITY ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Owner User: Owner.ALEX ->Temp folder emptied: 43870 bytes ->Temporary Internet Files folder emptied: 3848975 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 56713294 bytes User: OWNER~1~ALE %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2195181 bytes %systemroot%\System32 .tmp files removed: 102417 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10940482 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 229.00 mb OTL by OldTimer - Version 3.1.20.1 log created on 01022010_160903 Files\Folders moved on Reboot... ComboFix 10-01-02.01 - Owner 01/02/2010 16:27:02.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.528 [GMT -5:00] Running from: c:\documents and settings\Owner.ALEX\Desktop\ComboFix.exe AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\AlexC\Application Data\020000005107b522573C.manifest c:\documents and settings\AlexC\Application Data\020000005107b522573O.manifest c:\documents and settings\AlexC\Application Data\020000005107b522573P.manifest c:\documents and settings\AlexC\Application Data\020000005107b522573S.manifest c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E} c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}\chrome.manifest c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}\chrome\content\_cfg.js c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}\chrome\content\c.js c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}\chrome\content\overlay.xul c:\documents and settings\AlexC\Local Settings\Application Data\{4ED7B2B6-4EE9-40B1-AD56-95697D87DE1E}\install.rdf c:\program files\Dealio Toolbar c:\program files\Dealio Toolbar\config.ini c:\program files\Dealio Toolbar\DealioToolbarIE.dll c:\program files\Dealio Toolbar\Res\amazon.gif c:\program files\Dealio Toolbar\Res\apple.gif c:\program files\Dealio Toolbar\Res\barnes.gif c:\program files\Dealio Toolbar\Res\bestbuy.gif c:\program files\Dealio Toolbar\Res\dealio_logo.gif c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif c:\program files\Dealio Toolbar\Res\ebay.gif c:\program files\Dealio Toolbar\Res\icon_settings.gif c:\program files\Dealio Toolbar\Res\macys.gif c:\program files\Dealio Toolbar\Res\newegg.gif c:\program files\Dealio Toolbar\Res\overstock.gif c:\program files\Dealio Toolbar\Res\search-button-hover.gif c:\program files\Dealio Toolbar\Res\search-button.gif c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif c:\program files\Dealio Toolbar\Res\search-chevron.gif c:\program files\Dealio Toolbar\Res\search_amazon.gif c:\program files\Dealio Toolbar\Res\search_dealio.gif c:\program files\Dealio Toolbar\Res\search_ebay.gif c:\program files\Dealio Toolbar\Res\search_yahoo.gif c:\program files\Dealio Toolbar\Res\separator.gif c:\program files\Dealio Toolbar\Res\target.gif c:\program files\Dealio Toolbar\Res\walmart.gif c:\program files\Dealio Toolbar\Res\widgets.xml c:\program files\Dealio Toolbar\SearchSettingsKit.exe c:\program files\Dealio Toolbar\WidgiHelper.exe c:\program files\MicPhone c:\program files\PlayMP3z c:\program files\PlayMP3z\PlayMP3.exe c:\program files\PlayMP3z\uninstall.exe c:\program files\Search Settings c:\program files\Search Settings\kb128\SearchSettings.dll c:\program files\Search Settings\kb128\SearchSettingsRes409.dll c:\program files\Search Settings\SearchSettings.exe c:\recycler\S-1-5-21-2344262563-4185845895-1544926713-1006 c:\windows\system32\drivers\1028_DELL_XPS_Dell DE051 .MRK c:\windows\system32\drivers\DELL_XPS_Dell DE051 .MRK c:\windows\system32\lowsec C:\xcrashdump.dat D:\install.exe . ((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 ))))))))))))))))))))))))))))))) . 2010-01-02 19:06 . 2010-01-02 19:06 -------- d-----w- c:\program files\ERUNT 2010-01-02 18:53 . 2010-01-02 18:53 388096 ----a-r- c:\documents and settings\Owner.ALEX\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe 2010-01-02 18:53 . 2010-01-02 18:53 -------- d-----w- c:\program files\TrendMicro 2010-01-02 07:57 . 2010-01-02 07:57 -------- d-----w- C:\!KillBox 2010-01-02 07:21 . 2010-01-02 07:21 -------- d-----w- c:\program files\music 2010-01-02 07:06 . 2010-01-02 07:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-12-24 23:08 . 2010-01-02 06:59 -------- d-----w- c:\program files\Steam 2009-12-20 04:20 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2009-12-19 22:20 . 2009-12-19 22:20 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Blitware 2009-12-19 22:20 . 2009-12-19 22:20 -------- d-----w- c:\program files\Driver Robot 2009-12-19 21:57 . 2009-09-02 15:58 1107200 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar\IEToolbar.dll 2009-12-19 21:57 . 2009-12-19 21:57 -------- d-----w- c:\documents and settings\Owner.ALEX\Local Settings\Application Data\AIM Toolbar 2009-12-19 21:55 . 2009-12-19 22:08 -------- d-----w- c:\program files\IDoser v4 2009-12-12 02:51 . 2009-12-12 02:51 -------- d-----w- c:\program files\AIM Toolbar 2009-12-12 02:51 . 2009-12-12 02:51 -------- d-----w- c:\program files\Common Files\Software Update Utility 2009-12-12 02:50 . 2009-12-12 02:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AIM 2009-12-12 02:50 . 2009-12-12 02:50 -------- d-----w- c:\program files\AIM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Malwarebytes 2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2010-01-02 07:50 . 2009-06-28 20:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8 2010-01-02 06:34 . 2009-06-07 11:54 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\uTorrent 2010-01-01 23:43 . 2009-06-07 16:14 -------- d-----w- c:\program files\Warcraft III 2010-01-01 19:08 . 2009-07-29 14:09 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\godzHell 2009-12-30 19:55 . 2010-01-02 19:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-30 19:54 . 2010-01-02 19:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-19 21:57 . 2009-10-07 19:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar 2009-12-19 21:02 . 2009-08-09 03:00 -------- d-----w- c:\program files\Heroes of Newerth 2009-12-16 02:02 . 2009-06-15 02:10 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\LimeWire 2009-12-15 21:38 . 2009-06-12 23:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2009-12-03 21:30 . 2009-06-07 11:44 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Ventrilo 2009-12-03 21:17 . 2009-07-14 02:35 -------- d-----w- c:\program files\DotA Gaming Network 2009-12-03 21:10 . 2008-04-26 21:23 -------- d-----w- c:\program files\WC3Banlist 2009-11-24 23:16 . 2009-11-24 22:31 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle Card Games 2009-11-24 23:14 . 2009-11-24 22:33 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle Blackjack 2009-11-24 22:32 . 2009-11-24 22:31 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle FaceCreator 2009-11-24 22:21 . 2009-07-24 05:56 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\GetRightToGo 2009-11-24 22:16 . 2009-11-24 22:16 -------- d-----w- c:\program files\Encore 2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-11-21 05:26 . 2009-11-21 05:26 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Utherverse 2009-11-21 04:38 . 2009-11-21 04:38 -------- d-----w- c:\program files\Utherverse Digital Inc 2009-11-19 16:48 . 2009-12-01 03:26 872960 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2009-11-19 16:48 . 2009-12-01 03:26 43008 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-11-19 16:48 . 2009-12-01 03:26 340480 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2009-11-19 16:48 . 2009-12-01 03:26 346624 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2009-11-15 03:14 . 2009-08-05 15:27 -------- d-----w- c:\program files\Google 2009-11-14 20:35 . 2009-07-19 15:43 -------- d-----w- c:\program files\Safari 2009-11-14 20:29 . 2009-11-14 20:29 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe 2009-11-14 20:26 . 2009-04-12 13:27 -------- d-----w- c:\program files\iTunes 2009-11-14 20:22 . 2009-04-12 13:28 -------- d-----w- c:\program files\iPod 2009-11-14 20:06 . 2009-11-14 20:06 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-10-29 07:45 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll 2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-21 02:15 . 2009-06-04 22:24 28264 ----a-w- c:\documents and settings\Owner.ALEX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll 2007-02-25 22:22 . 2009-12-22 02:22 50401488 ----a-w- c:\program files\Peyote.mp3 2007-02-25 22:18 . 2009-12-22 01:56 64801644 ----a-w- c:\program files\Marijuana.mp3 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-05-06 22:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-18 13680640] "nwiz"="nwiz.exe" [2009-03-18 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-18 86016] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600] c:\documents and settings\Owner.ALEX\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-07-31 12:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Digital Line Detect.lnk] backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech SetPoint.lnk] backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] \Program\ [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] 2009-12-12 02:32 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient] 2009-06-08 14:51 1934336 ----a-w- c:\program files\Curse\CurseClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] 2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2008-12-19 03:42 76304 ----a-w- c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig] 2008-04-14 00:12 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-10-14 18:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-05-21 15:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009] 2008-08-26 16:48 2019624 ----a-w- c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC] 2009-04-29 09:45 614696 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "tmproxy"=3 (0x3) "TmPfw"=3 (0x3) "TMBMServer"=2 (0x2) "Viewpoint Manager Service"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "iPod Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Warcraft III\\Frozen Throne.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\LC\\pickup.listchecker.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\GHostOne\\GHostOne.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Heroes of Newerth\\hon.exe"= "c:\\Program Files\\Curse\\CurseClient.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "6112:TCP"= 6112:TCP:warcraft III "6112:UDP"= 6112:UDP:warcraft III R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2009 3:53 PM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/28/2009 3:53 PM 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/28/2009 3:52 PM 297752] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/5/2009 9:18 PM 10384] S0 cmarovc;cmarovc;c:\windows\system32\drivers\roibav.sys --> c:\windows\system32\drivers\roibav.sys [?] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [7/24/2009 12:23 AM 85504] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/5/2009 9:18 PM 24652] . Contents of the 'Scheduled Tasks' folder 2009-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-12-19 c:\windows\Tasks\Driver Robot.job - c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-19 22:29] 2010-01-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2009-05-06 22:11] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = .local IE: &AIM Toolbar Search - c:\documents and settings\All Users.WINDOWS\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p= FF - component: c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll FF - plugin: c:\program files\Download Manager\npfpdlm.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint__.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false. - - - - ORPHANS REMOVED - - - - URLSearchHooks-HookURL - (no file) URLSearchHooks-Rank - (no file) BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-02 16:35 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(688) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . Completion time: 2010-01-02 16:38:31 ComboFix-quarantined-files.txt 2010-01-02 21:38 Pre-Run: 8,294,400,000 bytes free Post-Run: 8,253,771,776 bytes free - - End Of File - - 555BEE2596566EC58473EAC0D13C2922

oldman960 View Member Profile	Jan 2 2010, 05:09 PM Post #6
Forum God Group: Classroom Teacher Posts: 13,817 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro, Win7 Ultimate	Hi shad0ws, You seemed to have missed the : at the beginning of the OTL fix. That's ok, combofix got most of it along with the Dealio toolbar. If you don't want the Ask Toolbar, click your start button > Control Panel > Add/Remove progeams and uninstall Ask Toolbar While you are in there, you may want to consider this: LimeWire and uTorrent You have LimeWire and uTorrent, P2P/file sharing programs installed on your computer. P2P applications like it are the largest source of malware we see. You'll be doing yourself a favor by removing it. It's not the programs themselves that are the problem, but what can be downloaded with them, usually from an unknown source. References for the risk of these programs can be found in these links: http://www.microsoft.com/windows/ie/commun...protection.mspx http://www.internetworldstats.com/articles...cles/art053.htm I would recommend that you uninstall LimeWire and uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs. If you wish to keep it, please do not use it until your computer is cleaned. Please follow all previous instructions regarding security programs. Open a new Notepad session Click the Start button, click run in the run box type notepad click ok In the notepad, Click "Format" and be certain that Word Wrap is not checked. Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE CODE File:: C:\WINDOWS\System32\AVR10.exe C:\WINDOWS\System32\drivers\roibav.sys C:\WINDOWS\System32\winhelper86.dll C:\WINDOWS\System32\uses32.dat C:\WINDOWS\System32\flags.ini Driver:: cmarovc In the notepad Click File, Save as..., and set the Save in to your Desktop In the filename box, type (including quotation marks) as the filename: "CFScript.txt" Click save Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below. This will start ComboFix again.Close all browser/windows first. Note: Do not mouseclick combofix's window while it's running. That may cause it to stall Next You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan. Open MBAM Click the Update tab Click Check for Updates If an update is found, it will download and install the latest version. The program will close to update and reopen. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Please post back with combofix log MBAM log Thanks

shad0ws View Member Profile	Jan 2 2010, 08:04 PM Post #7
New Member Group: Authentic Member Posts: 11 Joined: 2-January 10 Member No.: 89,660 Operating System: windows xp	at the end of the MBAM log where it says no action taken it was before i removed them so they are dealt with. ComboFix 10-01-02.01 - Owner 01/02/2010 20:23:39.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.557 [GMT -5:00] Running from: c:\documents and settings\Owner.ALEX\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner.ALEX\Desktop\CFScript.txt AV: AVG Anti-Virus Free On-access scanning disabled (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FILE :: "c:\windows\System32\AVR10.exe" "c:\windows\System32\drivers\roibav.sys" "c:\windows\System32\flags.ini" "c:\windows\System32\uses32.dat" "c:\windows\System32\winhelper86.dll" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_cmarovc ((((((((((((((((((((((((( Files Created from 2009-12-03 to 2010-01-03 ))))))))))))))))))))))))))))))) . 2010-01-02 20:30 . 2010-01-02 20:30 -------- d-----w- C:\_OTL 2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Malwarebytes 2010-01-02 19:08 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes 2010-01-02 19:08 . 2010-01-02 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-02 19:08 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-02 19:06 . 2010-01-02 19:06 -------- d-----w- c:\program files\ERUNT 2010-01-02 18:53 . 2010-01-02 18:53 -------- d-----w- c:\program files\TrendMicro 2010-01-02 07:57 . 2010-01-02 07:57 -------- d-----w- C:\!KillBox 2010-01-02 07:21 . 2010-01-02 07:21 -------- d-----w- c:\program files\music 2010-01-02 07:06 . 2010-01-02 07:07 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-12-24 23:08 . 2010-01-02 06:59 -------- d-----w- c:\program files\Steam 2009-12-20 04:20 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2009-12-19 22:20 . 2009-12-19 22:20 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Blitware 2009-12-19 22:20 . 2009-12-19 22:20 -------- d-----w- c:\program files\Driver Robot 2009-12-19 21:57 . 2009-12-19 21:57 -------- d-----w- c:\documents and settings\Owner.ALEX\Local Settings\Application Data\AIM Toolbar 2009-12-19 21:55 . 2009-12-19 22:08 -------- d-----w- c:\program files\IDoser v4 2009-12-12 02:51 . 2009-12-12 02:51 -------- d-----w- c:\program files\AIM Toolbar 2009-12-12 02:51 . 2009-12-12 02:51 -------- d-----w- c:\program files\Common Files\Software Update Utility 2009-12-12 02:50 . 2009-12-12 02:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AIM 2009-12-12 02:50 . 2009-12-12 02:50 -------- d-----w- c:\program files\AIM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-02 18:53 . 2010-01-02 18:53 388096 ----a-r- c:\documents and settings\Owner.ALEX\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe 2010-01-02 07:50 . 2009-06-28 20:52 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8 2010-01-02 06:34 . 2009-06-07 11:54 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\uTorrent 2010-01-01 23:43 . 2009-06-07 16:14 -------- d-----w- c:\program files\Warcraft III 2010-01-01 19:08 . 2009-07-29 14:09 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\godzHell 2009-12-19 21:57 . 2009-10-07 19:29 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVG Security Toolbar 2009-12-19 21:02 . 2009-08-09 03:00 -------- d-----w- c:\program files\Heroes of Newerth 2009-12-16 02:02 . 2009-06-15 02:10 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\LimeWire 2009-12-15 21:38 . 2009-06-12 23:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help 2009-12-03 21:30 . 2009-06-07 11:44 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Ventrilo 2009-12-03 21:17 . 2009-07-14 02:35 -------- d-----w- c:\program files\DotA Gaming Network 2009-12-03 21:10 . 2008-04-26 21:23 -------- d-----w- c:\program files\WC3Banlist 2009-11-24 23:16 . 2009-11-24 22:31 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle Card Games 2009-11-24 23:14 . 2009-11-24 22:33 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle Blackjack 2009-11-24 22:32 . 2009-11-24 22:31 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Hoyle FaceCreator 2009-11-24 22:21 . 2009-07-24 05:56 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\GetRightToGo 2009-11-24 22:16 . 2009-11-24 22:16 -------- d-----w- c:\program files\Encore 2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-11-21 05:26 . 2009-11-21 05:26 -------- d-----w- c:\documents and settings\Owner.ALEX\Application Data\Utherverse 2009-11-21 04:38 . 2009-11-21 04:38 -------- d-----w- c:\program files\Utherverse Digital Inc 2009-11-19 16:48 . 2009-12-01 03:26 872960 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2009-11-19 16:48 . 2009-12-01 03:26 43008 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-11-19 16:48 . 2009-12-01 03:26 340480 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2009-11-19 16:48 . 2009-12-01 03:26 346624 ----a-w- c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2009-11-15 03:14 . 2009-08-05 15:27 -------- d-----w- c:\program files\Google 2009-11-14 20:35 . 2009-07-19 15:43 -------- d-----w- c:\program files\Safari 2009-11-14 20:29 . 2009-11-14 20:29 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe 2009-11-14 20:26 . 2009-04-12 13:27 -------- d-----w- c:\program files\iTunes 2009-11-14 20:22 . 2009-04-12 13:28 -------- d-----w- c:\program files\iPod 2009-11-14 20:06 . 2009-11-14 20:06 79144 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe 2009-10-29 07:45 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll 2009-10-21 05:38 . 2004-08-04 10:00 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2004-08-04 10:00 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-21 02:15 . 2009-06-04 22:24 28264 ----a-w- c:\documents and settings\Owner.ALEX\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-10-20 16:20 . 2004-08-04 10:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 10:30 . 2004-08-04 10:00 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38 . 2004-08-04 10:00 79872 ----a-w- c:\windows\system32\raschap.dll 2007-02-25 22:22 . 2009-12-22 02:22 50401488 ----a-w- c:\program files\Peyote.mp3 2007-02-25 22:18 . 2009-12-22 01:56 64801644 ----a-w- c:\program files\Marijuana.mp3 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-05-06 22:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-18 13680640] "nwiz"="nwiz.exe" [2009-03-18 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-18 86016] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600] c:\documents and settings\Owner.ALEX\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-07-31 12:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Digital Line Detect.lnk] backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Logitech SetPoint.lnk] backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] \Program\ [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2009-08-13 19:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] 2009-12-12 02:32 2043160 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CurseClient] 2009-06-08 14:51 1934336 ----a-w- c:\program files\Curse\CurseClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] 2005-09-20 13:32 77824 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] 2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2005-09-20 13:35 94208 ----a-w- c:\windows\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe] 2009-05-15 02:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer] 2008-12-19 03:42 76304 ----a-w- c:\windows\KHALMNPR.Exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig] 2008-04-14 00:12 169984 ----a-w- c:\windows\pchealth\helpctr\binaries\msconfig.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2005-09-20 13:36 114688 ----a-w- c:\windows\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-05 05:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] 2004-10-14 18:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-05-21 15:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009] 2008-08-26 16:48 2019624 ----a-w- c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UniblueSpeedUpMyPC] 2009-04-29 09:45 614696 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "tmproxy"=3 (0x3) "TmPfw"=3 (0x3) "TMBMServer"=2 (0x2) "Viewpoint Manager Service"=2 (0x2) "ose"=3 (0x3) "odserv"=3 (0x3) "iPod Service"=3 (0x3) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Ventrilo\\Ventrilo.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Warcraft III\\Warcraft III.exe"= "c:\\Program Files\\Warcraft III\\Frozen Throne.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\LC\\pickup.listchecker.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\GHostOne\\GHostOne.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Heroes of Newerth\\hon.exe"= "c:\\Program Files\\Curse\\CurseClient.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Steam\\SteamApps\\common\\left 4 dead 2\\left4dead2.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "6112:TCP"= 6112:TCP:warcraft III "6112:UDP"= 6112:UDP:warcraft III R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/28/2009 3:53 PM 335240] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/28/2009 3:53 PM 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/28/2009 3:52 PM 297752] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [6/5/2009 9:18 PM 10384] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [7/24/2009 12:23 AM 85504] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/5/2009 9:18 PM 24652] . Contents of the 'Scheduled Tasks' folder 2009-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] 2009-12-19 c:\windows\Tasks\Driver Robot.job - c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2009-12-19 22:29] 2010-01-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2009-05-06 22:11] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = .local IE: &AIM Toolbar Search - c:\documents and settings\All Users.WINDOWS\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001 FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=616163&p= FF - component: c:\documents and settings\Owner.ALEX\Application Data\Mozilla\Firefox\Profiles\8hh4mcgs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll FF - plugin: c:\program files\Download Manager\npfpdlm.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint__.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false. - - - - ORPHANS REMOVED - - - - URLSearchHooks-HookURL - (no file) URLSearchHooks-Rank - (no file) *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-02 20:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(692) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(2588) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\progra~1\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************ . Completion time: 2010-01-02 20:42:48 - machine was rebooted ComboFix-quarantined-files.txt 2010-01-03 01:42 ComboFix2.txt 2010-01-02 21:38 Pre-Run: 8,188,329,984 bytes free Post-Run: 8,073,711,616 bytes free - - End Of File - - 6E4450EAB7ED045CF4BFFB70D082E0B1 Malwarebytes' Anti-Malware 1.43 Database version: 3484 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 1/2/2010 9:00:00 PM mbam-log-2010-01-02 (20-59-56).txt Scan type: Quick Scan Objects scanned: 163940 Time elapsed: 11 minute(s), 37 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\BestShoppingTipsProgram (Adware.PlayMP3z) -> No action taken. Files Infected: C:\Program Files\BestShoppingTipsProgram\uninstall.exe (Adware.PlayMP3z) -> No action taken.

oldman960 View Member Profile	Jan 3 2010, 02:16 AM Post #8
Forum God Group: Classroom Teacher Posts: 13,817 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro, Win7 Ultimate	Hi shad0ws, Your java is out of date. Click your start button, open Control panel. Locate the Java icon (it looks like a coffee cup) double click it to open it click the Update tab Click update now After the java is updated, reboot your computer if not prompted to. Next, clear the java cache To clear the Java Plug-in cache: Click Start > Control Panel. Double-click the Java icon in the control panel. On the General tab, Click Settings under Temporary Internet Files. On the Temporary Files Settings screen, Click Delete Files. check all boxes Click OK One more scan to check our work. Note It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your antivirus along with your antispyware programs. Please go to Kaspersky* website and perform an online antivirus scan. Read through the requirements and privacy statement and click on Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button Spyware, Adware, Dialers, and other potentially dangerous programs Archives Mail databases Click on My Computer under Scan. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items there. Click on Save Report As.... Change the Files of type to Text file (.txt) Set the Save In to Desktop click the Save button. Please post this log in your next reply. Please post back with Kaspersky log Thanks

shad0ws View Member Profile	Jan 3 2010, 02:22 PM Post #9
New Member Group: Authentic Member Posts: 11 Joined: 2-January 10 Member No.: 89,660 Operating System: windows xp	hi, i started the online scan but it froze around1 hour and 30 minutes. it had 7 threats found and 500+ Suspicious objects found. i just restarted the scan and was wondering if it would have taken that long.

oldman960 View Member Profile	Jan 3 2010, 07:02 PM Post #10
Forum God Group: Classroom Teacher Posts: 13,817 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro, Win7 Ultimate	Hi shad0ws, Yes that scan can take a fair amount of time but it is well worth it. I've seem them take 10+ hours. Sit back, relax, take it easy. Sometimes it looks like it has froze when in fact it is scanning a large file.

shad0ws View Member Profile	Jan 3 2010, 08:09 PM Post #11
New Member Group: Authentic Member Posts: 11 Joined: 2-January 10 Member No.: 89,660 Operating System: windows xp	Ok, after 4 hours heres the report -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, January 3, 2010 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Sunday, January 03, 2010 19:42:48 Records in database: 3364831 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ Scan statistics: Objects scanned: 137318 Threats found: 10 Infected objects found: 1017 Suspicious objects found: 0 Scan duration: 04:17:57 File name / Threat / Threats count C:\dell\contact\help.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\dell\DELLBUTN.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\dell\E-Center\index.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\dell\E-Center\toolbar.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Application Data\LimeWire\browser\xulrunner\res\hiddenWindow.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\binds.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\channel.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\grptrgcmd.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\grptrgeditor.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\grptrgvoice.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\main.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\rank.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\record.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\server.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\setup.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\setupbinds.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\setupevents.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\setupglobal.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\setupmisc.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\setupnetwork.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\setupoverlay.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\setupspeech.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\setupvoice.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\setupvoicetraining.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\sfx.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\srvprop.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\user.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\usereditor-admin.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\usereditor-chanadmin.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\usereditor-chanauth.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\usereditor-display.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\usereditor-info.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\usereditor-network.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\usereditor-transmit.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\Local Settings\Application Data\Microsoft\CD Burning\Ventrilo\Doc\usereditor.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\+15083315094.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\+15202368744.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\+15202496560.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\+16039034315.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\+19783026717.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\+19788700680.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\+19788703413.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\+19788705687.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\aolsystemmsg.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\brendababe93.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\bur157ton.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\christinaaaaxl.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\conf-chat1237165909583.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\conf-chat1238461338078.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\conf-chat1238475395828.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\conf-chat1239063769770.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\conf-chat1239661165082.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\crypto862.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\emilyrox77.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\emmmilyyyyx3.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\hockeyplayer8475.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\ipittydanoobs.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\itotallyrox12.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\janelle1545.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\jazzgurl1985.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\kasajayyyyxd.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\kkrazy246.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\kujo369.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\liljay59360.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\nelson62390.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\omgxdbot006.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\pieavn9.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\psychoticpalmer.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\stacinsane.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\thewaffle3gx3.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\tiffaaim.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\timman852.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\vachon427.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\wucln396.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\xchuckliddell55x.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\xtracexedge@hotmail.com.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\xxkalii211xx.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\AIMLogger\headtotheshot\IM Logs\xxloudbrunettexx.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\My Received Files\djpathogen.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\My Received Files\Drayco587.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\AlexC\My Documents\My Received Files\experiment99.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\buttons\alerts.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\rss\rss.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\about.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\addcustombutton.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\addcustombutton_confirm.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\buttons_frame.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\clearprints_confirm.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\defaultsearch.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\dropcustombutton.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\firsttimepage.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\footprints_frame.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\latest.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\olderversion.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\options_frame.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\popups_frame.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\preferences.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\renamecustombutton.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\resettoolbar.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\ui\search_frame.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\CanceledInstall.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\CancelingInstall.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\CloseRunning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\Congrats1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\Congrats2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\Congrats3.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\Congrats4.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\Error_FailedDiskSpaceCheck.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\eula.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\ExistNewerVersion.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\InstallingProgress.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\Legal.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\LegalAgreement.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\NoQualify.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\NothingTodo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\Preparing.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\privacy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\PrivacyPolicy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\ProductDetected.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\RebootPending.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\tos.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\html\Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\CanceledInstall.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\CancelingInstall.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\CloseRunning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\Congrats1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\Congrats2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\Congrats3.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\Congrats4.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\Error_FailedDiskSpaceCheck.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\eula.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\ExistNewerVersion.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\InstallingProgress.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\Legal.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\LegalAgreement.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\NoQualify.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\NothingTodo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\Preparing.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\privacy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\PrivacyPolicy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\ProductDetected.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\RebootPending.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\tos.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4220\html\Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\CanceledInstall.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\CancelingInstall.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\CloseRunning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\Congrats1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\Congrats2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\Congrats3.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\Congrats4.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\Error_FailedDiskSpaceCheck.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\eula.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\ExistNewerVersion.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\InstallingProgress.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\Legal.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\LegalAgreement.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\NoQualify.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\NothingTodo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\Preparing.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\privacy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\PrivacyPolicy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\ProductDetected.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\RebootPending.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\tos.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.32.1\html\Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\CanceledInstall.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\CancelingInstall.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\CloseRunning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\Congrats1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\Congrats2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\Congrats3.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\Congrats4.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\Error_FailedDiskSpaceCheck.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\eula.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\ExistNewerVersion.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\InstallingProgress.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\Legal.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\LegalAgreement.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\NoQualify.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\NothingTodo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\Preparing.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\privacy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\PrivacyPolicy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\ProductDetected.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\RebootPending.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\tos.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.1\html\Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\avg8\update\backup\contacts_us.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\faqs\122779.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\blank.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\closeapp.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\delitem.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\download.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\moreinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\noitems.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\senddata.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\statinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\survey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\html\wait.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\agent_infolet_exe.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\agent_infolet_exe1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\agent_infolet_link.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\agent_infolet_survey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\silent_update.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\offline\696.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\offline\697.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\offline\privacy_policy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\PC_Recovery\1055856.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\PC_Recovery\1083341.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\PC_Recovery\1090152.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\PC_Recovery\1091713.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\PC_Recovery\1092188.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\122779.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\696.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\697.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1026016.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1055890.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1065237.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1073964.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1073993.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1074250.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\FA1077154.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\modem_helper_sp2\Modem_Helper_XP_SP2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\PA1089329.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\PA1090384.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\PA1090493.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\pc_recovery\1055856.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\pc_recovery\1083341.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\pc_recovery\1090152.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\pc_recovery\1091713.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\pc_recovery\1092188.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\RA1055974.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1055646.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1055856.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1056916.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1066822.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1078218.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1082421.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1088799.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\TT1090151.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\faqs\wireless.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\html\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\blank.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\closeapp.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\delitem.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\download.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\moreinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\noitems.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\senddata.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\statinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\survey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\html\wait.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\agent_infolet_link.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\HTML\item_templ\silent_update.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\blank.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\closeapp.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\delitem.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\download.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\moreinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\noitems.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\senddata.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\statinfo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\survey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\html\wait.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\HTML\item_templ\agent_infolet_link.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C\air-zoom.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C\back-freeze.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C\menucast.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C\play-pause.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006C\vol-mute.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\autoscroll.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\documentflip.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\keystrokes.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\media.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\search.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\universalscroll.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\volume.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\zoom.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\MAGIX\Common\Online Services Info\index_0409.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\MAGIX\Common\Online Services Info\reminder1_0409.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\McAfee\HackerWatch\sum_04_hw.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\PickGame.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Documents and Settings\Owner.ALEX\My Documents\LimeWire\Saved\dionne warwick i love paris(1).wma Infected: Trojan-Downloader.WMA.Wimad.y 1 C:\Documents and Settings\Owner.ALEX\My Documents\LimeWire\Saved\Dionne Warwick i Love Paris(2).wma Infected: Trojan.Win32.StartPage.ehg 1 C:\Documents and Settings\Owner.ALEX\My Documents\LimeWire\Saved\dionne warwick i love paris.wma Infected: Trojan-Downloader.WMA.GetCodec.ah 1 C:\Documents and Settings\Owner.ALEX\My Documents\LimeWire\Saved\im a crip.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1 C:\i386\actconn.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\actdone.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\acterror.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\activ.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\activate.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\activerr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\activsvc.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\actlan.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\actshell.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\act_plcy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\adeskerr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\adrdyreg.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\apolicy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\aprvcyms.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\areg1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\aregdial.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\aregdone.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\autoupdt.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\au_plcy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\badeula.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\badpkey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\BYOA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ciadmin.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\cnncterr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\3COM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\AACRAID.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ACER640P.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ACLIENT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ACS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ADAPTEC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ADMPKW2K.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ADMPKXP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\AHA8940.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\AICDRV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ALKB2K.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ALPSPRT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\APFILTR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\APMERROR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ARTCAS6E.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ASSETCI.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ATGUARD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ATKPROTO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\AVPGATEK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\AWARD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\BAYMAN.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\BLACKICE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\BOSERROR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CALCOMP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CANO620P.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CANOS100.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CARDEXEC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CDR4VSD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CERTSRV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CIC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CIMGR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CISCOACU.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CLDVD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CLTMGR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CNBJ51.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CNMULTI1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQDIAGC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQIJ.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQKBD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQMULTI.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQPNPMG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPQPWREX.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CPUFEAT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CRASHMON.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CRUISE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CRYSTAL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CS4281.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CSA64XX.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CSMIGRAT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CSREM32.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\CTZ_CRDL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DAYT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DECATAPI.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DECML.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DELLPS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DELLTH.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DELPERC2.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DIRECTCD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DLCPROTO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DMIBIOS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DOCK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DOCKSVC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DRVNCDB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DSMU.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DV_COMP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DV_GEN.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\DWRITE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EICONTA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ELSAMX.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ENSONIQV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ENSQAUDM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSCOLOR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSON1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSON3.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSON4.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSP1270.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EPSPHOTO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\EXCHANGE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FAZAM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FIDMOU.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FLOWCH7.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FTCOMP1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FTCOMP2.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\FTCOMP3.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\GENERIC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\GENIUS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\GLINT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\GSNW.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HALHOOK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HDMIB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HDMON.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HERCULES.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HP3300C.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HP4050P6.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HP4300C.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HP5300C.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPAIO1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPAIO2.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPCLJ450.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPCLJ850.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPCOMPAT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDJ1000.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDJ610.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDJ810.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDJ815.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDJ830.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDJ880.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDJ900.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDMI.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK10.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK11.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK12.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK13.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK14.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK2.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK3.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK4.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK5.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK6.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK7.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK8.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPDSK9.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPI_USB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPLJ1100.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPLJ4050.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPLJ5E.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPLOCK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPMMKB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPMON.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPNRD4M.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPOJG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPPS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPSMART.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPSPARNT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HPTTIDM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\HP_PLD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\I2CNT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IAVBOOT4.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IBMIR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IBMMPG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IBMSVA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IBMTP4.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IBMVC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IBM_UMS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ICPV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ICSUPGRD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ILS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IMATION.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\INCOMPAT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\INITIO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\INTELAPP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\INTELATA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\INTELLIP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\INTLSISL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IOCLICK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IOMEGA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ISHRNT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ISOTP4.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ISVGINA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\IX526FC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\KMW.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\KODK4800.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\KRNLCHK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LAPLINK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LAPLNK2K.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LDCM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LEX3200.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LEXDLC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LEXOPTRA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LEXTCP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LM5700.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LM75.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LM78.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LMOPTRA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LMREPL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LOGITECH.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LOGKCMD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LQDAUDIO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\LTMODEM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MACDRIVE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MAESTRO0.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MAXELL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MCA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MCFILTER.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MCROTK60.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MCROTKC3.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MCROTKS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MELCO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MFPBR.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MFPHP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MGACTRL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MIN8E.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MINPW20.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MNLT1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MPATH.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MSMQCOMP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MSP1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MSP2.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MSSS3.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MSTOCK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\MTA57080.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\NAV5.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\NBFPROTO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\NDCPRTNS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\NECPG1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\NETFMIGT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\NMSMS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\NTDSUPG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\NTDSUPGD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\NV_AGP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\NWCLI32.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\OCABLOCK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\OILCHG25.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\OKIPG1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\OKIPG2.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\OKIPG8W.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\OMC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\OMNIPG10.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ONSTREAM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ORB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PALM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PANADVD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PANDA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PCANY.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PCCILLIN.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PCIINFO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PCPNP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PELMOUSE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PFS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PHNIXAD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PLUST120.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\POWER.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\POWPATH.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PROCCNT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PROLIGHT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PS2CONT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PSTRIP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PUMACSM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\PWRICON.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\QIC117.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\QUICK3.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\RCENTRL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\REACHOUT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\RIPTIDE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\RUNONCE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SBS45FXC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SBS50FXC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SCANDRV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SDSELECT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SFUNFSCG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SHARSHTL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SIGMA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SIIG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SIIGC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SISV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SIWVID.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SKUSBKBF.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SMS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SNA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SNIDMI.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SNIDPMS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SNIPCI.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SOFTOFF.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SONIC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SONYJDU.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SPXBLOCK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SQL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SSCNTRL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SSI365.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SSPOWER.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\STB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SWOFF.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SYSHWCFG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SYSMGMT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\SYSMON.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TITSB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TIVOLI.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TMASTER.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TMDIGPRO.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TMDUALAG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TOPTOOLS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TOSDVD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TPCHRSRV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TPCONFIG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TPFUEL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TPPMPORT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TRIDWNW.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TSBAPM.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TSBASD.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TSBDS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TSBHDDPW.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TSBMC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TSBSELBA.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TSBVCAP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TSSCIDRV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\TT128.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\UMAX.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\UTUPGR05.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\UTUPGR06.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\VGAMODE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\VIDAPPLT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\VISN5300.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\VISN6100.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\WACOMDRV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\WCE21.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\WCGODRV.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\WCMIGRAT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\WEBSCANX.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\WINACHSF.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\WINSQL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\WTCLS2K.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\XEROX1.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\XEROX2.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\XEROX4.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\XEROX5.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\XEROX6.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\XEROXWCT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\XLINK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\YACXG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\YMHSYNTH.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\COMPDATA\ZIPMAGIC.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\compname.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\connected_data.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\connected_fr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\connected_multiple.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\connected_networks.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\connected_wizard.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\contents.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\default.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\dialtone.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\dialup.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\DRDCommt.htm Infected: Trojan-Downloader.JS.Iframe.bes 1 C:\i386\drdyisp.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\drdymig.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\drdyoem.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\drdyref.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\dslmain.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\dsl_a.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\dsl_b.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\dtiwait.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\dtsgnup.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\footer.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\hndshake.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\hnwprmpt.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\icntlast.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\iconnect.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ics.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\icsdc.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ident1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ident2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ipp_0001.asp Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ipp_0002.asp Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ipp_0005.asp Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ipp_0006.asp Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ipp_0007.asp Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ipp_0010.asp Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ipp_0013.asp Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ipp_0014.asp Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\isp.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\isp2busy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ispcnerr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ispdtone.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\isphdshk.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ispins.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ispnoanw.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\isppberr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ispphbsy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ispsbusy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ISPTerms.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\isptype.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\ispwait.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\jndomain.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\jndom_a.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\keybd.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\keybdcmt.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\MDACReadme.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\migdial.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\miglist.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\migpage.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\migwiz.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\migwiz2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_a.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_b.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_c.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_d.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_e.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_f.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_g.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_h.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_i.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_j.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\mouse_k.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\msobshel.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\neweula.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\neweula2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\noanswer.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\oempriv.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\pberr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\prodkey.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\prvcyms.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\pulse.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\pxcpya64.exe Infected: Virus.Win32.Virut.ce 1 C:\i386\pxcpyi64.exe Infected: Virus.Win32.Virut.ce 1 C:\i386\pxinsa64.exe Infected: Virus.Win32.Virut.ce 1 C:\i386\pxinsi64.exe Infected: Virus.Win32.Virut.ce 1 C:\i386\rcnterr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\rdtone.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\refdial.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\reg1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\reg3.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\regdial.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\rhndshk.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\rnoansw.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\rnomdm.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\rpberr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\rpulse.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\rtoobusy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\safe_better.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\safe_easier.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\safe_faster.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\safe_fr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\scntlast.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\sconnect.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\security.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\snd.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\start_control.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\start_desktop.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\start_ending.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\start_files.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\start_fr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\start_icons.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\start_menu.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\start_taskbar.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\start_windows.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\timezone.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\toobusy.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\unlock_built.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\unlock_fr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\unlock_optimized.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\unlock_playing.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\updshell.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\username.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\welcome.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\WINNTUPG\FSFILTER.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\i386\WINNTUPG\UNSUPMSG.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\InstallShield\UpdateService\pm.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\1033\README.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\HTML\context.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime\1033\EMPTY.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Microsoft Shared\OFFICE12\VS Runtime\1033\HelpWatermark.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Microsoft Shared\Smart Tag\1033\MCABOUT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Nullsoft\ActiveX\2.6\ampxtest.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Real\Update_OB\UI\msgoff.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML\activation.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML\component.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML\help.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML\not_connected.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML\no_connection_input.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML\options.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML\pleasewait.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML\purchase.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML\registration.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Roxio Shared\DLLShared\SAR_HTML\successful.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\HTML\ENU\err_not_connected.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Backup.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Bootable.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\CD_from_discs.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\CD_from_files.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\CD_properties.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Control_panel.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Data_disc.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\DLA.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Exact_copy1.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Exact_copy2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Glossary.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Jukebox_disc.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Listen.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Media_guide.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Mini_UI.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\More_help.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Saving_a_project.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Starting_a_project.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Tutorial_intro.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Tutorial\Upgrading.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\dmxprivacy.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\dmxremote.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\dvdabout.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\dvdcontrols.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\dvdgeneralsettings.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\dvdhelp.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\dvdinteractual.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\dvdplaybacksettings.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\dvdplaydisc.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\dvdplayfiles.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\Help\ENU\license.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell\Media Experience\SonicResources\ClickMe.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell Support\CheckNow\html\checknow.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell Support\Faqs\faqs.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell Support\Intro\html\eula.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Dell Support\Intro\html\intro.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\Common\profiler\infoaudio.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\Common\profiler\infodvddecoder.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\Common\profiler\infomisc.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\Common\profiler\infovideo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\closed.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\control.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\default.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\loading.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\nav.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\play.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\vidplay.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\void.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\dvdvideo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\frame\1f.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\frame\2f.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\premain.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\resume.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\sload.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\vari.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\vari2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\void.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\default.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\vidplay.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\dvdvideo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\frame\1f.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\frame\2f.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\premain.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\resume.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\sload.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\vari.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\vari2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\win\void.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\closed.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\control.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\default.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\loading.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\nav.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\play.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\vidplay.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\void.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\dvdvideo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\frame\1f.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\frame\2f.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\premain.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\resume.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\sload.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\vari.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\vari2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\void.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\default.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\vidplay.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\win\dvdvideo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\win\frame\1f.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\win\frame\2f.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\win\premain.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\win\resume.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\win\sload.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\win\vari.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\win\vari2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\win\void.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\Patches\artisan\t2x\index.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\weblinks\default\default.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\weblinks\dvdplayer\dvdbar.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\weblinks\dvdplayer\dvdbar2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\weblinks\dvdplayer\dvdplayer.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\weblinks\dvdplayer\dvdplayer2.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\weblinks\dvdplayer\dvdvideo.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\weblinks\dvdplayer\dvdwebstudio.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\InterActual\InterActual Player\weblinks\weblinks.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\j2re1.4.2_03\javaws\Readme.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_de.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_es.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_fr.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_it.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_ja.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_ko.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_sv.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\j2re1.4.2_03\javaws\Readme_zh_CN.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\j2re1.4.2_03\Welcome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\jre1.5.0_09\Welcome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\jre1.5.0_10\Welcome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\jre1.5.0_11\Welcome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\jre1.6.0_01\Welcome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\jre1.6.0_02\Welcome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Java\jre1.6.0_03\Welcome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\loading.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\browser.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\Desktop Messenger\8876480\InitData\Data\InfoCenter.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\Desktop Messenger\8876480\Users\AlexC\Data\browser.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\Desktop Messenger\8876480\Users\AlexC\Data\InfoCenter.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Logitech\SetPoint\Readme.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\AccessWeb\CLNTWRAP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsBlankPage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsBrowserUpgrade.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsDoNotTrust.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsHomePage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsPrintTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsVersion1Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsBrowserUpgrade.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsColorChart.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsHomePage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsImageTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsMacroTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsPreviewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsPrintTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsVersion1Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsViewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsBlankPage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsBrowserUpgrade.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsColorChart.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsFormTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsHomePage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsImageTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsMacroTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsPreviewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsPrintTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsVersion1Warning.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsViewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsBlankPage.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsBrowserUpgrade.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsColorChart.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsImageTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplate.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Office12\INTLBAND.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\OFFISUPP.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\PAWPRINT.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\PINELUMB.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\SEAMARBL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Microsoft Office\Templates\12\MseNewFileItems\HTMLPAGE.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\MsHotFix\MsHotFix.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\HosFAlt.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\HosFErr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\PDPAlt.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\URLfAlt.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\URLFDang.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\UrlFDnsS.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\UrlFErr.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\UrlFPhis.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\URLFScor.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Resource\Share\147\URLFSusp.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Trend Micro\TIS16_1610\Setup\Serial.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\binds.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\channel.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\grptrgcmd.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\grptrgeditor.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\grptrgvoice.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\main.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\rank.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\record.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\server.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setup.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupbinds.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupevents.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupglobal.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupmisc.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupnetwork.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupoverlay.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupspeech.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupvoice.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\setupvoicetraining.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\sfx.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\srvprop.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\user.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-admin.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-chanadmin.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-chanauth.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-display.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-info.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-network.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor-transmit.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Ventrilo\Doc\usereditor.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Programs\CorelReg\EN\LocalError.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Programs\CorelReg\EN\LocalHome.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Programs\CorelReg\EN\LocalLoad.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Programs\Readme.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Programs\UpsellUI\UpsellUI.htm Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\Shared\Help\customerservice.html Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\Program Files\WordPerfect Office 12\XML\DTD\XMLNEWS.HTM Infected: Trojan-Clicker.HTML.IFrame.aga 1 C:\_OTL\MovedFiles\01022010_153025\C_WINDOWS\system32\AVR10.exe Infected: Trojan.Win32.FraudPack.ajne 1 C:\_OTL\MovedFiles\01022010_153025\C_WINDOWS\system32\critical_warning.html Infected: Trojan.JS.Hoax.b 1 C:\_OTL\MovedFiles\01022010_153025\C_WINDOWS\system32\winhelper86.dll Infected: Trojan.Win32.Agent.deyu 1 Selected area has been scanned.

oldman960 View Member Profile	Jan 4 2010, 12:45 AM Post #12
Forum God Group: Classroom Teacher Posts: 13,817 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro, Win7 Ultimate	Hi shad0ws, Some bad news here. You are infected with a file infector called Virut. This would explain all the infected .htm files. In the middle of that list is this QUOTE C:\i386\pxcpya64.exe Infected: Virus.Win32.Virut.ce 1 C:\i386\pxcpyi64.exe Infected: Virus.Win32.Virut.ce 1 C:\i386\pxinsa64.exe Infected: Virus.Win32.Virut.ce 1 C:\i386\pxinsi64.exe Infected: Virus.Win32.Virut.ce 1 This infection can and will infect all the machine's executable files .exe, .scr plus .html and .htm. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine. More information can be found here and here. A Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain .exe, .scr, .hlm, .html files. Backup all your documents and important items only. data/documents/pictures/movies/songs/etc.. DO NOT backup any executable files (,exe .scr .html or .htm) Do Not back up compressed files (zip/cab/rar) files that may contain .exe or .scr files Reformat and Reinstall as outlined HERE A CD would be best, but a blank USB device will work. Make sure there aren't any executable on it. If you are going to use a USB device, I suggest you use a freshly formated one. After formatting it, use FDD on it backing anything up. Download Flash_Disinfector.exe by sUBs and save it to your desktop. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well. Wait until it has finished scanning and then exit the program. Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection. Be further advised that these infections may have backdoor capabilities. I suggest you do the following immediately: Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to. DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Feel free to ask any questions, but keep in mind a Reformat is the only way to clean this computer.

shad0ws View Member Profile	Jan 4 2010, 08:31 PM Post #13
New Member Group: Authentic Member Posts: 11 Joined: 2-January 10 Member No.: 89,660 Operating System: windows xp	is there any way to backup the drivers so i wont have to find all of them agian after the reinstall and format?

oldman960 View Member Profile	Jan 4 2010, 09:16 PM Post #14
Forum God Group: Classroom Teacher Posts: 13,817 Joined: 27-April 08 Member No.: 78,707 Operating System: win98se, XP pro, Win7 Ultimate	Hi shad0ws, Which drives are you looking to back up?

shad0ws View Member Profile	Jan 4 2010, 09:17 PM Post #15
New Member Group: Authentic Member Posts: 11 Joined: 2-January 10 Member No.: 89,660 Operating System: windows xp	hopefully as many as i can. ive had to reformat my computer for this same problem and i remeber it being a hastle to refind all my drivers. i was wondering if there was a easier way.

« Next Oldest · Virus, Spyware & Malware Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies	Topic Starter	Views	Last Action
Virus, Spyware & Malware Removal Need Help, My Pc Seems Infected 12	16	pbakhshi	5,082	3rd April 2005 - 06:46 PM Last post by: LDTate
Virus, Spyware & Malware Removal Winfix, mirar (and others) plaguing my system	12	sojo19	2,357	14th January 2006 - 09:41 PM Last post by: Piatan
Virus, Spyware & Malware Removal Think Im Infected Agian 12	20	alicets1979	5,624	11th April 2004 - 02:30 AM Last post by: Daemon
Virus, Spyware & Malware Removal The "belgiandip" Monster 12	19	Hardryve	3,371	9th May 2004 - 05:50 AM Last post by: Daemon
Virus, Spyware & Malware Removal Awola Antivirus - You're Computer Is Infected	0	islanmdonk	3,608	6th September 2007 - 03:25 PM Last post by: islanmdonk