Avg Didn't Find Anything But Have Trojan Clicker


25 replies to this topic

#1 siren1234

siren1234

  • Members
  • 49 posts

Posted 03 October 2007 - 08:47 PM

Ok, this is what I am dealing with, Trojan.Agent.AFIO, Generic.Virtob, Win32.Small-GWM-trj, Trojan horse PSW.Agent.OVN, Win32.Trojan.Startpage and Adware Tracking Cookie, from what I know of.

I have scanned with Ad-Aware, Spybot, SpyCatcher, SUPERAntiSpyware, AVG and Avast, running ZoneAlarm as well. I don't know what else to do. It all happened when a buddy went on a crack site. PSW was the last problem I got right before running Hijack This. I am lost; what is the next step?

I have had to re-install some programs b/c the .exe file was missing, had problems with system volumes. I have a new restore point right now and I don't think it is clean. I am not running anything else till I get a reply. Thanks.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:40:56 PM, on 10/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Lavasoft\aawservice.exe
F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
F:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\WgaTray.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
F:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theweathernetwork.com/weather/CAON0155
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Reader 7\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - F:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: Internet Explorer Helper - {4B2C442C-4C2C-472B-4129-24AC2BC4C2DE} - C:\WINDOWS\system\wkccts32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] F:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB002" /M "Stylus CX4600"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Scheduler.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = F:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6277 bytes


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 09 October 2007 - 01:07 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum siren1234 :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

You have Avast4 and AVG7 installed.
It's definitely not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one of them now, then restart your PC.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6 update 3'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

If you have previously downloaded ComboFix, please delete that version now.
Now download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 siren1234

siren1234
  • Topic Starter

  • Members
  • 49 posts

Posted 09 October 2007 - 04:47 PM

Ok, I did everything you asked; here are the two logs, thanks.

ComboFix 07-10-10.1 - JEFF 2007-10-09 17:19:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.773 [GMT -4:00]
Running from: C:\Documents and Settings\JEFF\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\JEFF\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-10 to 2007-10-10 )))))))))))))))))))))))))))))))
.

2007-10-09 17:17 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 16:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-03 16:25 <DIR> d-------- C:\Documents and Settings\JEFF\Application Data\SUPERAntiSpyware.com
2007-10-02 17:34 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2007-10-02 17:34 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2007-10-02 17:34 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-10-02 17:34 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-02 17:33 1,798,144 --------- C:\WINDOWS\NuNinst.exe
2007-10-02 17:33 89,472 --------- C:\WINDOWS\system32\drivers\incdfs.sys
2007-10-02 17:33 25,600 --------- C:\WINDOWS\system32\drivers\incdpass.sys
2007-10-02 17:33 5,504 --------- C:\WINDOWS\system32\drivers\incdrec.sys
2007-10-02 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-02 17:27 40,960 --a------ C:\Program Files\Uninstall_CDS.exe
2007-10-02 17:01 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-10-02 17:01 212,480 --a------ C:\WINDOWS\pcdlib32.dll
2007-10-02 17:01 96,768 --a------ C:\WINDOWS\SlantAdj.dll
2007-10-02 17:01 73,216 --a------ C:\WINDOWS\ADE.DLL
2007-10-02 17:01 3,136 --a------ C:\WINDOWS\Ade001.bin
2007-10-02 17:00 <DIR> d-------- C:\Program Files\Smart Panel
2007-10-02 16:53 167,936 --a------ C:\WINDOWS\system32\kmw_show.exe
2007-10-02 16:53 102,400 --a------ C:\WINDOWS\system32\kmw_run.exe
2007-10-01 20:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-01 20:30 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-01 18:35 7,055,392 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-01 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-01 18:32 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-10-01 18:32 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-10-01 18:30 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-10-01 18:06 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-01 16:38 <DIR> d-------- C:\Documents and Settings\JEFF\.housecall6.6
2007-10-01 16:37 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-10-01 16:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-30 19:17 <DIR> d-------- C:\Program Files\vso
2007-09-30 16:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-09-30 16:02 <DIR> d-------- C:\VundoFix Backups
2007-09-30 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-09-29 21:48 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-09-29 21:46 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2007-09-29 21:40 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2007-09-29 21:39 363,520 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2007-09-29 21:39 257,024 --a--c--- C:\WINDOWS\system32\dllcache\infocomm.dll
2007-09-29 21:39 61,440 --a--c--- C:\WINDOWS\system32\dllcache\httpod51.dll
2007-09-29 21:39 46,592 --a--c--- C:\WINDOWS\system32\dllcache\sspifilt.dll
2007-09-29 21:39 15,872 --a--c--- C:\WINDOWS\system32\dllcache\inetin51.exe
2007-09-29 21:39 8,192 --a--c--- C:\WINDOWS\system32\dllcache\httpmb51.dll
2007-09-29 21:10 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-09-29 21:10 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-09-29 21:10 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-09-29 21:10 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-09-29 15:31 <DIR> d-------- C:\Documents and Settings\JEFF\Application Data\AdwareAlert
2007-09-29 11:58 <DIR> d-------- C:\Documents and Settings\JEFF\Application Data\Tenebril
2007-09-29 11:50 <DIR> d-------- C:\WINDOWS\system32\vMW03a
2007-09-29 11:50 <DIR> d-------- C:\Temp\xOe
2007-09-29 11:50 <DIR> d-------- C:\Temp
2007-09-29 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-09-29 11:23 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-09-29 11:23 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll
2007-09-29 11:23 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-09-29 11:23 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll
2007-09-29 11:23 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2007-09-29 11:21 <DIR> d-------- C:\Documents and Settings\JEFF\Application Data\TrueCrypt
2007-09-29 11:21 356,864 --a------ C:\WINDOWS\TrueCrypt Setup.exe
2007-09-29 11:21 193,632 --a------ C:\WINDOWS\system32\drivers\truecrypt.sys
2007-09-28 17:41 151,040 --a------ C:\WINDOWS\system32\wimadll.dll
2007-09-28 17:41 36,864 --a------ C:\WINDOWS\system32\cypher.dll
2007-09-28 16:12 <DIR> d-------- C:\Documents and Settings\JEFF\Application Data\Vso
2007-09-28 16:12 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2007-09-28 16:12 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2007-09-28 16:12 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2007-09-28 16:12 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-28 16:12 47,360 --a------ C:\Documents and Settings\JEFF\Application Data\pcouffin.sys
2007-09-27 12:30 <DIR> d-------- C:\Documents and Settings\JEFF\Application Data\BitTorrent
2007-09-27 10:28 <DIR> d-------- C:\Documents and Settings\JEFF\Application Data\DivX
2007-09-27 10:15 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-27 10:13 <DIR> d-------- C:\Documents and Settings\JEFF\Application Data\VideoReDoPlus
2007-09-27 10:05 43,528 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-09-21 17:32 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2007-09-21 17:27 <DIR> d-------- C:\Documents and Settings\JEFF\Application Data\InstallShield
2007-09-17 17:15 77,890 -ra------ C:\WINDOWS\system32\FTLang.dll
2007-09-17 17:15 60,572 -ra------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-09-17 17:15 48,625 -ra------ C:\WINDOWS\system32\ftserui2.dll
2007-09-17 17:15 28,449 -ra------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-09-11 19:14 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 21:04 85,196 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-10-02 22:54 --------- d-----w C:\Documents and Settings\JEFF\Application Data\Cyberlink
2007-10-02 22:04 --------- d-----w C:\Documents and Settings\JEFF\Application Data\Ahead
2007-10-02 21:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-02 21:28 --------- d-----w C:\Program Files\CyberLink
2007-10-02 00:49 --------- d-----w C:\Documents and Settings\JEFF\Application Data\Lavasoft
2007-09-30 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-30 15:27 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2007-09-30 03:38 --------- d-----w C:\Program Files\Web Publish
2007-09-30 03:38 --------- d-----w C:\Program Files\SiSLan
2007-09-30 03:38 --------- d-----w C:\Program Files\PhotoParade
2007-09-27 23:17 --------- d-----w C:\Documents and Settings\JEFF\Application Data\Roxio
2007-08-12 02:21 158,824 ----a-w C:\Documents and Settings\JEFF\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B2C442C-4C2C-472B-4129-24AC2BC4C2DE}]
C:\WINDOWS\system\wkccts32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-29 21:43]
"Zone Labs Client"="F:\Program Files\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"SpyCatcher Reminder"="F:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-07-09 11:56]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"ZoneAlarm Client"="F:\Program Files\ZoneAlarm\zlclient.exe" [2007-09-06 16:14]
"kmw_run.exe"="kmw_run.exe" [2002-12-23 11:02 C:\WINDOWS\system32\kmw_run.exe]
"MSWheel"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.exe" [2004-03-04 04:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SpyCatcher Protector.lnk - F:\Program Files\SpyCatcher\Protector.exe [2007-09-29 11:23:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CreataCard Gold 2 Forget Me Not Reminders.lnk]
backup=C:\WINDOWS\pss\CreataCard Gold 2 Forget Me Not Reminders.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JEFF^Start Menu^Programs^Startup^AutoBackup Launcher.lnk]
path=C:\Documents and Settings\JEFF\Start Menu\Programs\Startup\AutoBackup Launcher.lnk
backup=C:\WINDOWS\pss\AutoBackup Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JEFF^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=C:\WINDOWS\pss\Forget Me Not.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4600 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr]
"C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
F:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kmw_run.exe]
kmw_run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
F:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
regsvr32 /s mqrt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"F:\program files\quicktime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
"C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
C:\WINDOWS\system32\keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
C:\WINDOWS\SiSUSBrg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StxTrayMenu]
"F:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"F:\Program Files\Adobe\Reader 7\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINCINEMAMGR]
"F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
f:\PROGRA~1\Logitech\iTouch\iTouch.exe

R1 lkbdhlpr;Logitech Keyboard Class Helper Driver;C:\WINDOWS\system32\Drivers\lkbdhlpr.sys
R1 SiSEsc;SISLIB_ESC;C:\WINDOWS\system32\sisesc.sys
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys
R3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 07:02:11 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-10 17:38:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-10 17:42:16
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:44:19 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Lavasoft\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
F:\Program Files\SpyCatcher\Protector.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theweathernetwork.com/weather/CAON0155
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Reader 7\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - F:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: Internet Explorer Helper - {4B2C442C-4C2C-472B-4129-24AC2BC4C2DE} - C:\WINDOWS\system\wkccts32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] F:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB002" /M "Stylus CX4600"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Scheduler.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = F:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5577 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 09 October 2007 - 05:15 PM

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\WINDOWS\system32\vMW03a
C:\Temp\xOe


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it into your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: Internet Explorer Helper - {4B2C442C-4C2C-472B-4129-24AC2BC4C2DE} - C:\WINDOWS\system\wkccts32.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"



Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Standard
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This will start the program and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste the contents of that file into your next reply.

Also post a new Hijackthis log.
Let me know how your pc is running now please.

#5 siren1234


Posted 09 October 2007 - 08:31 PM

The web pages are moving a lot quicker now. Having a problem when Zone Alarm is open with web pages, I have to shut it off in order to surf the net. That is all I noticed so far. Here are the 3 logs for you, thanks for the quick reply.


C:\WINDOWS\system32\vMW03a moved successfully.
C:\Temp\xOe moved successfully.

Created on 10/10/2007 19:27:33




-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 10, 2007 9:25:55 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 10/10/2007
Kaspersky Anti-Virus database records: 403822
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\

Scan Statistics:
Total number of scanned objects: 57865
Number of viruses found: 1
Number of infected objects: 9
Number of suspicious objects: 0
Duration of the scan process: 01:42:23

Infected Object Name / Virus Name / Last Action
G:\Programs to Keep\VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen\VSO.ConvertXToDVD.2.2.3.exe/data0000.cab/VSOCON~1.EXE/wr-1-426.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Programs to Keep\VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen\VSO.ConvertXToDVD.2.2.3.exe/data0000.cab/VSOCON~1.EXE Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Programs to Keep\VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen\VSO.ConvertXToDVD.2.2.3.exe/data0000.cab Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Programs to Keep\VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen\VSO.ConvertXToDVD.2.2.3.exe Rsrc-Package: infected - 3 skipped
G:\Programs to Keep\VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen.zip/VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen/VSO.ConvertXToDVD.2.2.3.exe/data0000.cab/VSOCON~1.EXE/wr-1-426.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Programs to Keep\VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen.zip/VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen/VSO.ConvertXToDVD.2.2.3.exe/data0000.cab/VSOCON~1.EXE Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Programs to Keep\VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen.zip/VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen/VSO.ConvertXToDVD.2.2.3.exe/data0000.cab Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Programs to Keep\VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen.zip/VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen/VSO.ConvertXToDVD.2.2.3.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Programs to Keep\VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen.zip ZIP: infected - 4 skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{30A8A574-1AEB-45C7-B94C-717A235758D2}\RP36\change.log Object is locked skipped

Scan process completed.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:28 PM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Lavasoft\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\kmw_run.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\Program Files\SpyCatcher\Protector.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theweathernetwork.com/weather/CAON0155
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Reader 7\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - F:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] F:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB002" /M "Stylus CX4600"
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Scheduler.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = F:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5312 bytes

Edited by siren1234, 09 October 2007 - 08:50 PM.


#6 RichieUK


Posted 10 October 2007 - 07:20 AM

The following is infected with Trojan-Downloader.Win32.Small.eqn, so please delete it:
G:\Programs to Keep\VSO.ConvertXToDVD.v2.2.5.8 Incl Keygen.zip

Your log is clean :thumbsup:
If all's ok, please do the following:

Please double-click OTMoveIt.exe to run it.
Click on the 'Cleanup' button
When you do this a text file named cleanup.txt will be downloaded from the internet.
If you get a warning from your firewall or other security programs regarding OTMoveIt attempting to contact the internet you should allow it to do so.
When the 'Confirm' box appears click 'Yes'.
Restart your pc when prompted.

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.


Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description\name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found in the link below, to help you prevent any possible future infections:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

#7 siren1234


Posted 10 October 2007 - 06:19 PM

OK, deleted the .zip file as asked, did everything on the last post. I also ran Kaspersky again just in case, and there was 1 folder and 3 files that came up again dealing with that program associated with the .zip file, I deleted all of them. Now I am going to do everything in your last post again and then I will re-post. Do you want me to post any logs?? Thanks.
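
The following Python sketch is an added example, not part of any post in this thread: it parses a report in the layout of the Kaspersky Online Scanner logs above, sets aside the "Object is locked" entries, and groups detections by the on-disk file that contains them, so an extracted copy of an infected archive is listed next to the archive itself. The sample report, its paths and the function names are constructed for illustration; the completeness check assumes, as in the first report above, that "Number of infected objects" equals the number of detection lines.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the layout of the reports posted in this thread;
# the paths and file names are made up for illustration.
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 1200
Number of viruses found: 1
Number of infected objects: 6
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\USER\NTUSER.DAT Object is locked skipped
G:\Keep\Tool Incl Keygen\setup.exe/data0000.cab/INNER~1.EXE Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Keep\Tool Incl Keygen\setup.exe/data0000.cab Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Keep\Tool Incl Keygen\setup.exe Rsrc-Package: infected - 2 skipped
G:\Keep\Tool Incl Keygen.zip/Tool Incl Keygen/setup.exe/data0000.cab Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Keep\Tool Incl Keygen.zip/Tool Incl Keygen/setup.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped
G:\Keep\Tool Incl Keygen.zip ZIP: infected - 2 skipped

Scan process completed.
"""

# Paths contain spaces, so each line is matched from its fixed right-hand side.
LOCKED = re.compile(r"^(?P<obj>.+?) Object is locked (?P<action>\w+)$")
INFECTED = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) (?P<action>\w+)$")
CONTAINER = re.compile(
    r"^(?P<obj>.+?) (?P<ctype>[\w-]+): infected - (?P<n>\d+) (?P<action>\w+)$"
)
# The colon is optional because the second report in the thread lost it.
STAT = re.compile(r"^Number of infected objects:?\s+(?P<n>\d+)$")


@dataclass(frozen=True)
class Finding:
    obj: str                  # full object path, including archive members
    kind: str                 # "locked", "infected" or "container"
    detection: Optional[str]  # detection name, only for "infected" lines
    action: str               # the report's "Last Action" column

    @property
    def on_disk(self) -> str:
        # Windows paths use backslashes; "/" separates members nested inside
        # an archive, so the text before the first "/" is the real file.
        return self.obj.split("/", 1)[0]


def parse_report(text):
    """Return (findings, infected-object count stated in the report)."""
    findings, reported = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := STAT.match(line):
            reported = int(m["n"])
        elif m := LOCKED.match(line):
            findings.append(Finding(m["obj"], "locked", None, m["action"]))
        elif m := INFECTED.match(line):
            findings.append(Finding(m["obj"], "infected", m["name"], m["action"]))
        elif m := CONTAINER.match(line):
            findings.append(Finding(m["obj"], "container", None, m["action"]))
    return findings, reported


def triage(text):
    """Summarise a report: what to remove by hand and whether the paste is whole."""
    findings, reported = parse_report(text)
    hits = [f for f in findings if f.kind != "locked"]
    by_file = defaultdict(set)
    for f in hits:
        if f.detection:
            by_file[f.on_disk].add(f.detection)
    return {
        # Files held open by Windows or another scanner: not detections.
        "locked": sum(f.kind == "locked" for f in findings),
        # One entry per real file, however deeply the detection is nested.
        "files_to_remove": {p: sorted(d) for p, d in sorted(by_file.items())},
        # "skipped" means the scan reported the object and left it in place.
        "untouched": sorted({f.on_disk for f in hits if f.action == "skipped"}),
        # False when the pasted log is truncated or the count line is missing.
        "complete": reported is not None and reported == len(hits),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for path, names in summary["files_to_remove"].items():
        print(path, "->", ", ".join(names))
    print("locked (ignored):", summary["locked"])
    print("log complete:", summary["complete"])
```
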

#8 RichieUK


Posted 10 October 2007 - 06:37 PM

Do you want me to post any logs??

Nope, just let me know how you get on, also let me know how your pc is running when you've done.

#9 siren1234


Posted 10 October 2007 - 08:19 PM

OK, did everything again, scanned with AVG didn't find anything, I am scanning again with Kaspersky, once that is done I will post again. Can't tell about speed of PC until after the scan. Any advice with the Zonealarm problem---not letting me through IE? It was fine before I checked and the settings are the same, even removed IE and allowed it after and still the same. Thanks again.

#10 siren1234


Posted 10 October 2007 - 09:17 PM

OK, Kaspersky came back with nothing, I have to say THANK YOU SO VERY MUCH, I have learned a lot doing this, and I am going to prepare so that it doesn't happen again. The computer is back to where it was when I first got it, speed wise. Thanks again.

#11 RichieUK


Posted 11 October 2007 - 05:17 AM

Topic re-opened at the request of member.

Edited by RichieUK, 13 October 2007 - 04:33 AM.


#12 siren1234


Posted 12 October 2007 - 09:37 PM

I thought everything was fine until I did a Kaspersky scan tonight. I had Virtumonde, Win32 and now what?? Here is the log from Kaspersky and HJT. Thanks.

KASPERSKY ONLINE SCANNER REPORT
Friday, October 12, 2007 10:12:29 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/10/2007
Kaspersky Anti-Virus database records: 408618
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
I:\
Scan Statistics
Total number of scanned objects 52342
Number of viruses found 5
Number of infected objects 359
Number of suspicious objects 0
Duration of the scan process 03:12:22

Infected Object Name Virus Name Last Action
C:\Documents and Settings\JEFF\My Documents\My PhotoParades\Special Portrait Offer.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\Program Files\ArcSoft\Software Suite\Web Registration\registration.html Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\Program Files\Common Files\Microsoft Shared\Stationery\Competint.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\1033\NORTBOTS.HTM Infected: Trojan-Clicker.HTML.IFrame.ce skipped
C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\POSTINFO.HTM Infected: Trojan-Clicker.HTML.IFrame.ce skipped
C:\Program Files\Common Files\Microsoft Shared\web server extensions\50\bin\_VTI_INF.HTM Infected: Trojan-Clicker.HTML.IFrame.ce skipped
C:\Program Files\epson\ScanToWeb\Web-toc.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\Program Files\Java\jre1.6.0_02\Welcome.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\repairRedist.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\DefaultWsdlHelpGenerator.aspx Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\error.aspx Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\DefaultWsdlHelpGenerator.aspx Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\about_support.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\Favorites.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\ftshelp.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\History.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\Index.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\isupport.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\keywordhelp.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\options.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\searchblurb.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\searchtips.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\blurbs\tools.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\CompatCtr\AboutCompat.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\CompatCtr\CompatMode.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\CompatCtr\CompatOffline.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\CompatCtr\LearnCompat.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\ErrMsg\ErrorMessagesOffline.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\errors\badurl.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\errors\connection.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\errors\indexfirstlevel.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\errors\notfound.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\errors\offline.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\errors\redirect.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\errors\unreachable.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\NetDiag\dglogs.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\NetDiag\dglogshelp.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\ConnIssue.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\LearnInternet.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\RAHelp.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Common\RCMoreInfo.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\DividerBar.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAChatClient.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAClient.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAStatusBar.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAToolBar.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Client\setting.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\RCFileXfer.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\voicefirewallmsg.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\DividerBar1.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\DividerBar2.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAChatServer.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAServer.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAServerToolBar.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\SettingServer.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\msinfo.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\RSoP.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysComponentInfo.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysConfigLaunch.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysDiskTS.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysEvtLogInfo.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysHealthInfo.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysInfoLaunch.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysinfomain.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysinfosum.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysRemoteInfo.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysServicesInfo.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysSoftwareInfo.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\UpdateCtr\AboutWU.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\UpdateCtr\LearnInternet.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\UpdateCtr\learnWU.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\System\UpdateCtr\updatecenter.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Connection.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineDC.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\pss_getting_worldwide_help.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\LearnInternet.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RAHelp.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\confirm.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcConnection.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen2.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\escalationhelp.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcDetails.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\ShieldsUpMsg.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\UnSolicitedRCUI.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\Adobe\SVG Viewer 3.0\ReadMe.html Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\system32\Adobe\SVG Viewer 3.0\SVGHelp.html Infected: Trojan-Clicker.HTML.IFrame.cf skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5b4.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT06b53.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06b87.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Engineering07.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Forms.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Forms01.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Forms02.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Hanko.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Hanko01.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Hanko02.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Hanko03.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Hanko04.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Hanko05.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\HowTo.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\HowTo00.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\HowTo01.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\HowTo02.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\HowTo03.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\HowTo04.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\HowTo05.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\HowTo06.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\HowTo07.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\HowTo08.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review01.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review02.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review03.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review04.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review05.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review06.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review07.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review08.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review09.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review10.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review11.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review12.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review13.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review14.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review16.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review17.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review18.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review19.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review20.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review21.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review22.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review23.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Review28.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Sign.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Sign02.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Sign04.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Sign05.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Sign06.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Sign07.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Sign09.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Sign11.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\HowTo\ENU\Sign13.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\Legal\Adobe Reader\7.0.0\en_US\license.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Adobe\Reader 7\Reader\plug_ins\PictureTasks\Howto\picturetasks_ENU.html.tmp Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Corel\Languages\EN\Custom Data\SWFDefaultTemplate.html Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Corel\Languages\EN\Draw\drawbrowser\index.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
F:\Program Files\Corel\Languages\EN\Draw\ravebrowser\index.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
F:\Program Files\Corel\Languages\EN\Help\customerservice.html Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Corel\Languages\EN\Help\techsupp.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Corel\Languages\EN\Readme.html Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Corel\Languages\EN\Tutorials\Corel RAVE Tutorials\alogo1.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Corel\Languages\EN\Tutorials\Corel RAVE Tutorials\banner1.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Corel\Languages\EN\Tutorials\Corel RAVE Tutorials\final.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Corel\Languages\EN\Tutorials\Corel RAVE Tutorials\rv_tut.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Corel\Languages\EN\Tutorials\Corel RAVE Tutorials\testing.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Corel\Languages\EN\Tutorials\Corel RAVE Tutorials\top.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Corel\Languages\EN\Tutorials\CorelDRAW Tutorials\dr_tut.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Corel\Languages\EN\Tutorials\CorelDRAW Tutorials\layout_project.html Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Corel\Languages\EN\Tutorials\PHOTO-PAINT Tutorials\pp_tut.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Corel\Languages\EN\Tutorials\PHOTO-PAINT Tutorials\transgif.html Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Corel\Readme.html Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\GET_1.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\GET_2.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\INTRO_1.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\OTHER_1.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\PREV_1.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\PRINT_1.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\PRINT_2.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\SEARCH.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\SPECS_1.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\TOC.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\TOCSEC1.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\TOCSEC2.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\TOCSEC3.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\TOCSEC4.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\TOCSEC5.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\TOCSEC6.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\EPSON\EPSON Web-To-Page\Manual\TOP.HTM.tmp Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\directlaunch.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\ergo.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\leftrightswap.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\main.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\main_3btn.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\main_5btn.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\main_em7.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\main_emc.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\main_emp.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\main_orb.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\programbuttons.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\programexpert.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\register.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\scrolling.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\scrolling_orb.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\snapdefault.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\useingatrackball.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Kensington\MouseWorks\wiz_html\xyswap.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Office10\1033\ACREAD10.HTM Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Microsoft Office\Office10\1033\FEEDBACK.HTM Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Microsoft Office\Office10\1033\FPBROWSE.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Office10\1033\FPREAD10.HTM Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Microsoft Office\Office10\1033\OFREAD10.HTM Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Microsoft Office\Office10\1033\OLREAD10.HTM Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Microsoft Office\Office10\1033\PPREAD10.HTM Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Microsoft Office\Office10\1033\THANKYOU.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Office10\1033\WDREAD10.HTM Infected: Trojan-Clicker.HTML.IFrame.cm skipped
F:\Program Files\Microsoft Office\Office10\1033\XLREAD10.HTM Infected: Trojan-Clicker.HTML.IFrame.cf skipped
F:\Program Files\Microsoft Office\Office10\INTLBAND.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Column With Contents.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Frequently Asked Questions.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Left-aligned Column.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\1center.tem\1CENTER.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\1cheads.tem\1CHEADS.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\1cleft.tem\1CLEFT.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\1cright.tem\1CRIGHT.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\2ceven.tem\2CEVEN.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\2cmenul.tem\2CMENUL.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\2cmenur.tem\2CMENUR.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\2cstagr.tem\2CSTAGR.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\3c2stagl.tem\3C2STAGL.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\3ceven.tem\3CEVEN.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\3cmenuc.tem\3CMENUC.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\3cmenul.tem\3CMENUL.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\3csidbar.tem\3CSIDBAR.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\4ccenter.tem\4CCENTER.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\4cstagc.tem\4CSTAGC.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\4cstagl.tem\4CSTAGL.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\biblio.tem\BIBLIO.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\confirm.tem\CONFIRM.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\faq.tem\FAQ.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\feedback.tem\FEEDBACK.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\guestbk.tem\GUESTBK.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\guestbk.tem\GUESTLOG.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\normal.tem\NORMAL.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\photo.tem\PHOTO.HTM Infected: Trojan-Clicker.HTML.IFrame.cm skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\photo.tem\REAL.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\photo.tem\REAL_P.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\reguser.tem\REGUSER.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\search.tem\SEARCH.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Pages\toc.tem\TOC.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Personal Web Page.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Right-aligned Column.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Simple Layout.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Table of Contents.htm Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\BOTTOM.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\CATALOG.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\CONTACT.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\CUSUAFTR.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\CUSUAHDR.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\CUSUCFRM.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\CUSUFOOT.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\CUSUHEAD.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\CUSUPOST.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\CUSUSRCH.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\CUSUTOC.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\DISCUSS.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\FAQ.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\FEEDBACK.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\INDEX.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\LEFT.HTM Infected: Trojan-Clicker.HTML.IFrame.cm skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\PRODUCTS.HTM Infected: Trojan-Clicker.HTML.IFrame.ce skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\SEARCH.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\SERVICE.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\SRVCLIST.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\SUGGEST.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\TOP.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\custsupp.tem\WHATSNEW.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\normal.tem\INDEX.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\personal.tem\ABOUTME.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\personal.tem\FAVORITE.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\personal.tem\FEEDBACK.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\personal.tem\INDEX.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\personal.tem\INTEREST.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\personal.tem\PHOTO.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\personal.tem\REAL.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\personal.tem\REAL_P.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\ARCHIVE.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\CONTACT.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\DISCUSS.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\FOOTER.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\HEADER.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\INDEX.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\KBAFTR.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\KBAHDR.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\KBCFRM.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\KBFOOT.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\KBHEAD.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\KBPOST.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\KBSRCH.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\KBTOC.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\LEFT.HTM Infected: Trojan-Clicker.HTML.IFrame.ci skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\MEMBERS.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\REQDAFTR.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\REQDAHDR.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\REQDCFRM.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\REQDFOOT.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\REQDHEAD.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\REQDPOST.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\REQDSRCH.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\REQDTOC.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\SCHEDULE.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\SEARCH.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\Program Files\Microsoft Office\Templates\1033\Webs\project.tem\TOP.HTM Infected: Trojan-Clicker.HTML.IFrame.ck skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{30A8A574-1AEB-45C7-B94C-717A235758D2}\RP42\change.log Object is locked skipped
G:\Command\System\System 32\PB\1953.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1956.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1959.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1962.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1965.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1968.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1971.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1974.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1977.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1980.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1983.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1986.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1989.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1992.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1995.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\1998.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\2001.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Command\System\System 32\PB\2004.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Jokes\Clock.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Jokes\Insane.html Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Jokes\madcow.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\Jokes\Test.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
G:\Jokes\TheCarlosWorkNickNameGenera.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
G:\My Documents\ATV\b011_e.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\BEV-FTA\Extreme\How to's\Bring a unit back from the dead!! - Total FTA - The TOTAL Free To Air Community - Viewsat.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\BEV-FTA\Satellite Finders\Satellite Aiming Chart.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Compe-tint\Logos for\Corel\WebSite\Logo to print from.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
G:\My Documents\Express Vu Codes\Chas1962__s Newbie Guide\Chas1962_DishNetwork_Newbie_Guide.htm Infected: Trojan-Clicker.HTML.IFrame.ci skipped
G:\My Documents\Express Vu Codes\evuavr.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Express Vu Codes\evuavr_files\ADSAdClient31.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Express Vu Codes\Turnip Programming.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Express Vu Codes\Turnip Programming_files\ADSAdClient31.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Express Vu Codes\very_simple_jtag\very simple jtag\very_simple_jtag.html Infected: Trojan-Clicker.HTML.IFrame.cf skipped
G:\My Documents\Faxing in Windows XP.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Faxing in Windows XP_files\ADSAdClient31.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Faxing in Windows XP_files\listener.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\inches to mm conversion reference chart.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Land.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Lower back\Low Back Pain Exercise Guide.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Lower back\Low Back Program Exercises Portal.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Lower back\Lower Back Exercises & Stretches Free video clips on ExpertVillage_com.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\My PhotoParades\Special Portrait Offer.htm Infected: Trojan-Clicker.HTML.IFrame.cf skipped
G:\My Documents\Templates from Canadian Home workshop\CHW Online - Project - Heritage Spoon Rack.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\My Documents\Templates from Canadian Home workshop\CHW Online - Weekender - Recipe Shelf.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\TaS.com\Tas + ETD_files\header1.html Infected: Trojan-Clicker.HTML.IFrame.cf skipped
G:\Unzipped\lock35\lock35.htm Infected: Trojan-Clicker.HTML.IFrame.cm skipped
Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:32 PM, on 10/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
F:\Program Files\Lavasoft\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\ZoneAlarm\zlclient.exe
F:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\kmw_run.exe
F:\Program Files\SpyCatcher\Protector.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theweathernetwork.com/weather/CAON0155
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Reader 7\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - F:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] F:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB002" /M "Stylus CX4600"
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Scheduler.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = F:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - F:\Program Files\Lavasoft\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SmartLinkService (SLService) - Unknown owner - slserv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5298 bytes

#13 RichieUK

Posted 13 October 2007 - 04:42 AM

Download the free trial version of Kaspersky Anti-Virus 7.0, but don't install it just yet:
http://www.kaspersky.com/trials

Now disconnect from the internet and stay off until instructed to do otherwise, this is important.
Remove/uninstall AVG7 Antivirus via Start/Control Panel/Add or Remove Programs, then restart your PC.

Now install Kaspersky Anti-Virus 7.0.
Reconnect to the internet and update Kaspersky's virus definitions.
Now run a full system virus scan.

Let me know how you get on.

#14 siren1234

Posted 13 October 2007 - 02:23 PM

Wow, did that take a long time. I did everything, had to uninstall Zonealarm as well, scanned twice, seems to be ok, but that happened last time as well. Firefox won't load right now, computer seems to be slower again. Do you want to see any logs?? I am going to run a complete scan again, which takes about 3 hours. Is it worth purchasing Kaspersky, or keep AVG and Zonealarm? Thanks.

OK, just went in to uninstall Firefox and re-install, there are only 1/4 of the programs in the add/remove programs folder that should be in there. Now what has happened?

Edited by siren1234, 13 October 2007 - 02:38 PM.


#15 RichieUK

Posted 14 October 2007 - 04:04 AM

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

Download and scan with the free 15 day trial of Counterspy V2.
Save the report when it's finished:
1. Once Counterspy has done scanning, the 'Scan Results' box will appear.
2. Click on 'View Results'.
3. Under (Recommended Action), using the drop down menus at the side of each entry found, set EVERYTHING to 'Remove'.
4. Then click on 'Take Action'.
5. Once everything has been removed, click on 'View Details'.
6. Copy and paste those details into your next reply.

Download\unzip to your desktop AVG Anti-Rootkit:
http://free.grisoft.com/softw/70free/setup...up-1.1.0.42.exe
Launch AVG, click on the 'Search for Rootkits' tab.
Then click on 'Perform in-depth search'.
When the scan has finished, right click on the scan results 'Save results'.
Copy and paste those results into your next reply.

Also post a new HijackThis log, let me know what's happening now.