[musicdex]

I think my PC has a virus. .exe files from C:/windows/system32 keep trying to connect to u47.cc. Fortunately my Sygate Firewall catches it. I've also had an "about:blank" IE page for few weeks, and I can't seem to permanently change it back to anything.

Platform = WinXp Service Pack 2
browser = Internet Explorer 6.0.2900.2180.xpsp_sp2_gdr.050301-1519

I've ran Cleanup, Ad-aware, CWShredder, Spybot S & D, Ewido & performed an online Trend Housecall scan. Ad-aware was able to delete everything it found EXCEPT "coolwwwsearch.homesearch". Spybot had the same results. I rebooted several times, but Spybot couldn't delete "coolwwwsearch.homesearch" because "files in use".

Here's a copy of my Hijack This and Ewido logfiles:

HIJACK THIS
Logfile of HijackThis v1.99.1
Scan saved at 10:33:34 PM, on 8/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\javanj32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\sdkby.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\John's old harddrive - keep\Computer\Virus Removal\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {4A67BA95-44A4-B092-0B59-C3871EBD99D3} - C:\WINDOWS\iewk32.dll (file missing)
O2 - BHO: Class - {FF9D8570-3BC8-F0CD-955B-16B58824EB57} - C:\WINDOWS\applk32.dll (file missing)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [mfcvr.exe] C:\WINDOWS\system32\mfcvr.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [sdkby.exe] C:\WINDOWS\system32\sdkby.exe
O4 - HKLM\..\RunOnce: [javanj32.exe] C:\WINDOWS\system32\javanj32.exe
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\appes32.exe" /s (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe



EWIDO
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:54:12 PM, 8/21/2005
+ Report-Checksum: D0B7F9AF

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{01198741-DBE0-E6F4-9DBE-877B61FB1D1D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1486290A-90C1-388F-ADC8-6BFAA6B057E8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{16C710FD-4C93-9C02-15FC-681DF7937350} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1B9CEE94-E0D7-13CF-2DA8-CA3C766EAAD0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1DE20533-9118-BF9A-A6C6-F8E881A5FD4B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1FE935FF-DB66-AC76-99D8-18EC1F0F013C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A7341C6-E89E-4FA4-FA53-876824FC88C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2D99FD34-F395-DFB0-0852-36D4976F6E3D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3061EF1C-F3C8-2DAB-24E0-C96288EB621D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30C5202D-2CDD-8C6D-6CD3-86CBAC73988B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{430B869B-EB6E-CBD3-5E4D-6D279372AA20} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{47B70B6F-A6B0-230A-43C3-9F9B5C710209} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{61729E45-8F32-7D9A-9D6D-03684AA204D4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66DEB589-B6D4-E95E-2E36-26287464CD11} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67654C62-B847-D47B-7386-202E338F4761} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{77845652-D4FE-D2AD-12FA-F27B477D9B31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7868EC16-8C67-1DBD-6D5A-EBB325881BD9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7DA446BF-5485-78F9-CC9A-2A02C93519E4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{817972EC-CAD1-C47C-A430-508B1E97DE0D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{81AE8953-3335-A1BB-5174-F82625372B4E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{846BBD24-8B2C-67B4-0850-9FF99094A213} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86B29A5F-CB91-3C3D-28A2-EDA38C1F28A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{932ECF21-1DCB-F962-4C70-56830E2BD255} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A37B1EF1-FF7A-A47A-8449-3BCE6606697A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A507C113-55E6-12CB-8EC0-BA8BE1F569B2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A52FA47B-BA50-C6CB-6B02-1F30CC46D589} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8EDB036-4D54-9260-4A3A-5F029E67878B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B33C5B98-F4B9-B550-C81A-4EE9720874BF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B53A1210-39B9-B7A9-EC40-490716CA4A8D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B6233EB3-872F-7898-F4A8-3F6A3BAA6D57} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BE5DCDBC-54D3-95EA-B258-2D53BD817431} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BF680029-9EFC-9F01-F3C3-ECC0A8DF53A1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D75897AF-4779-FE93-0121-038FA5AA18C4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D847DBFE-4EE2-AF6C-D202-0D9795B9D820} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1E91259-92C0-8767-A2E0-85139867622A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F80F0D50-2D6C-75C3-606A-3DFE0F4FC5D0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F99D5FC9-1F47-B6F5-F1D5-55AFEAD2853A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-682003330-261478967-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{045AE71F-801F-4A71-C593-6529CE594056} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-682003330-261478967-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A52FA47B-BA50-C6CB-6B02-1F30CC46D589} -> Spyware.CoolWebSearch : Cleaned with backup
[2120] C:\WINDOWS\winov.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
[2384] C:\WINDOWS\iewk32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\Documents and Settings\Yo Daddy\Desktop\WinGuides_Tweak_Manager_v2[1].1_(20030401).zip/kxg.exe -> TrojanDownloader.INService.i : Error during cleaning
C:\John's old harddrive - keep\Computer\Virus Removal\backups\backup-20050813-210510-456.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\John's old harddrive - keep\Computer\Virus Removal\backups\backup-20050813-210510-844.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\John's old harddrive - keep\Computer\Virus Removal\backups\backup-20050821-170928-207.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\John's old harddrive - keep\Computer\Virus Removal\backups\backup-20050821-170928-823.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\1STBOOT.BMP:erfzg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\1STBOOT.BMP:jelfen -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\1STBOOT.BMP:lsqbv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\1STBOOT.BMP:miwio -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\1STBOOT.BMP:ylsge -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\abait.txt:ixiusp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\abait.txt:yoean -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addbk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addbn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addbv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adddn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addgf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addgg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addgr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addhn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addin.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addkx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addky.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addlb32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addlb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addnc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addnw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addog32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addrb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addsb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addup.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adduu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addvq.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addvq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addvs.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addwd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\addwg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addwr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addwx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addxb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addxm32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\addxn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addxs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addym.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addyy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\AdvpackExt.log:swkru -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\AdvpackExt.log:zzxjtg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\AMS2INST.LOG:ayazmr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\AMS2INST.LOG:lggnq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apiai32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apidc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apidr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apihh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apihq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apihz32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apihz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apike32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apimd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apinl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apinq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apinz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiof32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apios.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apipv32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apird.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apitc.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apitx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apivy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiyd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiyd32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apizd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appau.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appbb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appbz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appca.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appci32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appcw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appek32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apper32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appfu.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appgd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apphm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\applk32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\applk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appmg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apppi32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apppm32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apppm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appqs32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appqy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appsa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appsz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apptp.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\apptp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appuz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appvn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appyn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appyp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appyw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appzb.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\appzb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\appzg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlan.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlat32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlbf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlbh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlcg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlch32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlci.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlhh.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atliy.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\atliy32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\atlki.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlmw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlpb.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\atlpb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlqy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlro32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlrp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlte32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlvb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlvc.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\atlwj.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\atlwj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlwn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlxr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\atlzb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\BACKGRND.GIF:lzlmob -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Black Thatch.bmp:bsjlc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Black Thatch.bmp:dpbgh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Black Thatch.bmp:riqsk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Black Thatch.bmp:xjzak -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Black Thatch.bmp:zgyqy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Blue Lace 16.bmp:knngf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Blue Lace 16.bmp:lcojo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Blue Rivets.bmp:hyfgy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Blue Rivets.bmp:jkthk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Blue Rivets.bmp:xujgnk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bootstat.dat:fxbbqw -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\bootstat.dat:ojobjk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\bootstat.dat:psijd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bootstat.dat:sazul -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\bootstat.dat:ycxola -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\brjee.dat:dqocq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\brjee.dat:ommzu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\brndlog.txt:njeyd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\brndlog.txt:qdhund -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Bubbles.bmp:cbtkg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Bubbles.bmp:gdxkg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Bubbles.bmp:oerck -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Bubbles.bmp:pywel -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\byuuq.log:umeag -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\byuuq.log:vorzb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\bzkwb.log:gqclr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Carved Stone.bmp:dxfdux -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Carved Stone.bmp:iyrjhb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Channel Screen Saver.SCR:lsrqb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Circles.bmp:zczugx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\clock.avi:pbbdn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\clock.avi:xkfye -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\CLOUD.GIF:dgmezd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\CLOUD.GIF:knlir -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cmsetacl.log:azhwh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cmsetacl.log:rsodn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cmsetacl.log:rwadd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:wuuix -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Coffee Bean.bmp:ysqoqa -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\commigrate.log:hdkdy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\commigrate.log:yqsopg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\commigrate.log:zuojp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\comsetup.log:akvgns -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\comsetup.log:hofcp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\comsetup.log:zfgsm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\config.dmp:aeira -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\config.dmp:buyje -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\config.dmp:svnvj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\CONTENT.GIF:oqtutl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\CONTENT.GIF:voosn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\control.ini:hgdaj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\control.ini:ivuogk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\control.ini:rnham -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crag.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crashlog.html:egytki -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crashlog.html:qpdsf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crcp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crcp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crcv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crdd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crdt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crec32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\creh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\creo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crfg32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crft.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crhc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crix.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crjk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crma.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crmj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crmq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crms32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crng.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cron32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\croq.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\croq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crpf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crpf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crph32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crps32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crpx.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crqa32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crqe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crqh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crso32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crsu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crwd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crwg32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\crws32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crxl.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\crxu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\cryc32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\cryc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crzn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crzq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cznuz.log:kwzbl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3ap.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3as.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3db32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3dc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3df32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3dg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3dq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3ea32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3em.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3fv32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3hd32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3jl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3js.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3js.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3la32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3mi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3nw.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3ou.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3pb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3rb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3tf.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3tf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3ua.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3uy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3vh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3vj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3xj.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3xj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3yi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3yp32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\d3yp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3zg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3zm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\daroe.txt:islye -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\daroe.txt:senov -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Default.sf0:hrlzno -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Default.sf0:hviym -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Default.sf0:mvjca -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Default.sf0:okzbo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Default.sf0:yiprs -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Default.sfc:sqind -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DELETEFI.INI:btvly -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\DELETEFI.INI:jrflbv -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\DELETEFI.INI:ouxogr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DELETEFI.INI:ptcjj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\DELETEFI.INI:uoemi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\desktop.ini:chkta -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\desktop.ini:zjwmqy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\djvff.dat:ycxola -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DOSREP.INI:aqgkc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DOSREP.INI:czvhsx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\DOSREP.INI:ikabo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\DOSREP.INI:kuwrbs -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\DtcInstall.log:amftf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\explorer.scf:difly -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\explorer.scf:lizyh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\explorer.scf:rldtk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\explorer.scf:sxlji -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\explorer.scf:wsjvpy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\FaxSetup.log:wkvfi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\FaxSetup.log:xqhxe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\FeatherTexture.bmp:mugwu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\FeatherTexture.bmp:xczkda -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\fgjhi.dat:ptcjjj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\fsvcq.txt:ozhfo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\fsvcq.txt:yodnm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\fxoyl.dat:aoweld -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\GEARInstall.log:aeqdo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:ocqem -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:pytlw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:uipsho -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:wtbfi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\goorv.txt:bqxnx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\goorv.txt:clbsz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\goorv.txt:hlhpf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Greenstone.bmp:flalg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Greenstone.bmp:yfejk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Greenstone.bmp:zasxk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPBELL.GIF:ajpoi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPBELL.GIF:bigya -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPBELL.GIF:qdgul -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HLPBELL.GIF:wckid -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HLPCD.GIF:myqzn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HLPGLOBE.GIF:wkxmzw -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\HLPLOGO.GIF:abaiv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HLPLOGO.GIF:lgbvl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPLOGO.GIF:msigt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPLOGO.GIF:zrwdt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPSTEP1.GIF:hufxf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPSTEP1.GIF:lfdcj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HLPSTEP1.GIF:mnelv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPSTEP1.GIF:rdofr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HLPSTEP1.GIF:sgeeo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HLPSTEP2.GIF:twvzv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HLPSTEP2.GIF:wrbgo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPSTEP3.GIF:cxzor -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HLPSTEP3.GIF:ftrtki -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPSTEP3.GIF:hdnba -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPSTEP3.GIF:jgpcg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HLPSTEP3.GIF:qndvc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hnztd.log:ktjrr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\hnztd.log:tejnh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Houndstooth.bmp:bpwcoy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Houndstooth.bmp:cmrii -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Houndstooth.bmp:lxvzg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Houndstooth.bmp:oztjj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hpdj3740.his:dcdss -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hpdj3740.his:vxlsui -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hpdj3740.ini:orvvyw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hpdj3740.ini:ufsxn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hpfins_s04_main.dat:diqpk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hpfins_s04_main.dat:whhuf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hpfmdl_s04_main.dat:exyks -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hpfmdl_s04_main.dat:tqgbnt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hpvvy.log:nzkhn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\hrlzn.log:gafoi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HTMLHELP.HTM:jcqcu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HTMLHELP.HTM:oqyju -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HTMLHELP.HTM:otzzw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\HTMLHELP.INI:nnube -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\HTMLHELP.INI:qxqvm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\hywko.dat:dmdwf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\idebe.log:rhkdq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\idebe.log:uetur -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieaf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieai32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieav32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\iecl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iecm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieec.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iegm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iego32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\iego32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iehx.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\iejm.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\iejw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iekd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iekq32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ieli32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iemc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iemp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ienc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iepp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iepq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ierl32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ierx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iete32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ietp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iewk32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ieww.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iexp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieyb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ieye32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieyg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieym32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iezm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iezt.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iis6.log:jbihf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iis6.log:wybgrz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iis6.log:zmcst -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\imsins.log:dgcvi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\imsins.log:scxbxs -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\IOS.INI:ksnmo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\IOS.INI:oogpb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\IOS.INI:ppqbm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\IOS.INI:volct -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipab32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ipag.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipar.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipbw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipct32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipdl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipds.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipds32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipdw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipec.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iped32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipfg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipfj32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipgu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipgz32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ipgz32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\iphf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipid32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipiu.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ipiu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipiv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipiy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipjb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipko.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ipkq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iplh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipnq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipoi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipoo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipps32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ippw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ippy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipqa32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipuv32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ipwi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipyi.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ipyi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipyp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipzx.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\jautoexp.dat:bytoj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jautoexp.dat:cjvvm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jautoexp.dat:wprpvb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javaac32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaap.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javacb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javado.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javagv32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javaim32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javaiw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javajg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javajj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javajx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javama32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javana32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javanj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javanu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javapf32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javapg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javarm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javasg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javatd32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javaux.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javavd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javave32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaxt32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javayf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javazs32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB830363.log:qydga -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB830363.log:wjkmxw -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\KB842787.log:cficlb -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\KB842787.log:fnbfy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB842787.log:gxqji -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB842787.log:npxfr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB873333.log:kjvkn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB873339.log:ohfne -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885250.log:mcdjh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885250.log:vmqwk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885626.log:bagzw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885626.log:iwznrx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885835.log:szsmyf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB885836.log:hdykkm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB885836.log:vlgdk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB885836.log:yqiyn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB886185.log:znohgv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB887742.log:kufbs -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB887742.log:wprpvb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB887742.log:xdoud -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB887742.log:zzsrc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB888113.log:zefpe -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB890046.log:davfvr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB890175.log:csqxil -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\KB890859.log:baica -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB890923.log:vwqto -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB891781.log:kavcz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB893066.log:kxqab -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB893066.log:xeynke -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB893756.log:gqlhd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB893803v2.log:mbtnw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB894391.log:gocky -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB894391.log:hejsmh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB896358.log:xaddl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB896423.log:advwy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB896423.log:wckqh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB896428.log:kkcns -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB896428.log:rcavr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB896428.log:rrwsr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB896727.log:hvmmhl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB898461.log:bocdml -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB898461.log:pcvvko -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB899587.log:ibhvi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB899587.log:rinvu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB899591.log:hdnbe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB899591.log:rtqbjz -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\KB901214.log:leggv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB901214.log:oqbgd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\KB903235.log:cddgn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\KB903235.log:plfhsz -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\lbjfk.log:jdmth -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\lctyw.log:hmyvuc -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\lohmi.txt:gbsjd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\lohmi.txt:wutmk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\lrzvy.log:amqaom -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\lrzvy.log:nfytg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\lrzvy.log:ttowc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mdm.ini:iwaji -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mdm.ini:zjivh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mdm.ini:zjivhj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\medctroc.Log:dxghwm -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\mfcbp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcbs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcck32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfccv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcda.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcdd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcff.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcgd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfchi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfckg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfckm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfclr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcls.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfclv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfclw.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfclw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcmb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcmn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcms.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcnm.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcqb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcqs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcrw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcsj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcst32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcth32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcth32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfctm.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfctm.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:

[Advertisements]

Hello and welcome to GeeksToGo! My name is Kat, and I will be helping you. I am working on instructions right now, and will post them as soon as I am finished.

[Kat]

Hello and welcome to GeeksToGo! My name is Kat, and I will be helping you. I am working on instructions right now, and will post them as soon as I am finished.

[Kat]

Ok here we go! You have a nasty about.blank infection. Hang in there with me, and we WILL get you cleaned up and on your way!

You should either print these instructions, or save them to a Notepad file on your desktop for easy access. Much of this fix will be done in Safe Mode, and you will probably not be able to connect to the internet at that time.

~Downloads~

1. Download CleanUp Install the program, dont run it yet, we will use it later.
2. Place a shortcut to Active Scan on your desktop for later use.
3. Download AboutBuster .
4. Download CWShredder .
5. Download SpSeHjfix
Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)

~Update~

1. Update About:Buster

• Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
• Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
• Click "OK" at the prompt with instructions.
• Click "Update" and then "Check For Update" to begin the update process.
• If any updates exist please download them by clicking "Download Update" then click the X to close that window.
• Now close About:Buster

2. Update CWShredder

• Open CWShredder and click I AGREE
• Click Check For Update
• Close CWShredder

~Instructions~

1. Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

2. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

3. Please run about:buster by RubbeRDuckY:

• Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
• Click Yes to allow it to shutdown explorer.exe.
• It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
• When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
• Reboot your computer into safe mode again

Run about:buster again following the same instructions as above, this time without the restart at the end

4. Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

5. Open the CleanUp program you installed earlier, and open it. Click the CleanUp button, and let it scan your computer and remove all the leftover nasties hiding in your Temp folders and such. NOTE: CleanUp also removes all cookies. You can choose to do a custom scan and UNcheck "delete cookies" if you wish, but I highly recommend you let it delete them all and then start fresh.

6. Disable a bad running service:

• Go to Start | Run
• Then type services.msc
• This will lauch a new window, scroll down on the list and search for (Workstation NetLogon Service) or ( 11Fßä#·ºÄÖ`I)
• Right click on this entry and select stop
• Now right click and select properties, you will get new box with tabs.
  In the General Tab, look for Start Up Type: in the drop down box select Disabled
• Click Apply then OK and close out of the console.

7. Please open HijackThis and click the "Do a system scan only" button. When it has produced the log, please place a check next to ONLY the following entries:(IF they are still present)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\dhsdx.dll/sp.html#44768
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\dhsdx.dll/sp.html#44768

O2 - BHO: Class - {4A67BA95-44A4-B092-0B59-C3871EBD99D3} - C:\WINDOWS\iewk32.dll (file missing)
O2 - BHO: Class - {FF9D8570-3BC8-F0CD-955B-16B58824EB57} - C:\WINDOWS\applk32.dll (file missing)

O4 - HKLM\..\Run: [mfcvr.exe] C:\WINDOWS\system32\mfcvr.exe
O4 - HKLM\..\Run: [sdkby.exe] C:\WINDOWS\system32\sdkby.exe
O4 - HKLM\..\RunOnce: [javanj32.exe] C:\WINDOWS\system32\javanj32.exe

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\appes32.exe" /s (file missing)


Now, please be sure that ALL other windows, programs, etc are closed other than HijackThis, and click the "Fix Checked" button.

8. Be sure you can View Hidden Files and folders by doing the following:

• Click Start
• Double click on “My Computer”
• Select Tools menu, and click on Folder Options..then click the View tab
• Under Hidden Files and Folders heading, select “Show hidden files and folders”
• uncheck the “hide protected operating systems files” options.
• Click “yes” to confirm, then click “ok”

9. Delete the following files (IF still present):
C:\WINDOWS\iewk32.dll
C:\WINDOWS\applk32.dll
C:\WINDOWS\system32\mfcvr.exe
C:\WINDOWS\system32\sdkby.exe
C:\WINDOWS\system32\javanj32.exe


10. Deleting an NT service:

• Reboot into SafeMode and do the following:
• Open HJT and click the "Open misc tools" section. Then click "Delete an NT service". In the text box paste or type 11Fßä#·ºÄÖ`I (WITH a space in front of the first 1) and click OK. Then let the machine reboot back into normal mode!

11. Click on the shortcut to ActiveScan you placed on your desktop earlier, (after connecting to the internet) and do a full system scan. Please be sure to SAVE the log from ActiveScan to your desktop.

12. Make a reply here. I need to see the following:

• New HijackThis log taken after all above steps are done
• copy of the ActiveScan report
• About.Buster log
• SpSeHjfix log

Also, let me know how things are running now!

[musicdex]

Kat:

Thanks for the help! I've followed your steps and am posting the logs you requested. In Safe mode, I saw that CWShredder was able to find and delete "coolwwwsearch.homesearch". I was able to change my IE homepage, and it stays fixed now.

HIJACK THIS

Logfile of HijackThis v1.99.1
Scan saved at 8:13:37 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Yo Daddy\Desktop\Virus Help\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe


ACTIVESCAN REPORT
Incident Status Location

Spyware:Spyware/Petro-Line No disinfected C:\John's old harddrive - keep\Computer\Virus Removal\backups\backup-20050813-210510-844.inf
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
Adware:adware/navipromo No disinfected C:\WINDOWS\sdkib32.exe
Possible Virus. No disinfected C:\WINDOWS\TEMP\ASHeuristic\ProcessViewer.exe.vir
ABOUT BUSTER LOG

Scanned at: 5:13:16 PM on: 8/22/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 31


Removed Data Streams:
C:\WINDOWS\fsvcq.txt:pimem
C:\WINDOWS\hpvvy.log:vvmkn
C:\WINDOWS\KB883939.log:squtj
C:\WINDOWS\KB890175.log:rqihe
C:\WINDOWS\setupact.log:bwncd
C:\WINDOWS\vxlsu.txt:zjcat


Removed! : C:\WINDOWS\brjee.dat
Removed! : C:\WINDOWS\cjjbq.dat
Removed! : C:\WINDOWS\djvff.dat
Removed! : C:\WINDOWS\fgjhi.dat
Removed! : C:\WINDOWS\grkcz.dat
Removed! : C:\WINDOWS\jeazh.dat
Removed! : C:\WINDOWS\karan.dat
Removed! : C:\WINDOWS\lsjsw.dat
Removed! : C:\WINDOWS\nydxo.dat
Removed! : C:\WINDOWS\polpa.dat
Removed! : C:\WINDOWS\qrpkf.dat
Removed! : C:\WINDOWS\tnsyl.dat
Removed! : C:\WINDOWS\vljjj.dat
Removed! : C:\WINDOWS\xptnx.dat
Removed! : C:\WINDOWS\zjivh.dat
Removed! : C:\WINDOWS\system32\adgtr.dat
Removed! : C:\WINDOWS\system32\gcuza.dat
Removed! : C:\WINDOWS\system32\gfofs.dat
Removed! : C:\WINDOWS\system32\ginzc.dat
Removed! : C:\WINDOWS\system32\htuol.dat
Removed! : C:\WINDOWS\system32\igwgf.dat
Removed! : C:\WINDOWS\system32\iupgo.dat
Removed! : C:\WINDOWS\system32\junjm.dat
Removed! : C:\WINDOWS\system32\khjdj.dat
Removed! : C:\WINDOWS\system32\kyzxr.dat
Removed! : C:\WINDOWS\system32\leypo.dat
Removed! : C:\WINDOWS\system32\meaig.dat
Removed! : C:\WINDOWS\system32\mmogo.dat
Removed! : C:\WINDOWS\system32\mrdww.dat
Removed! : C:\WINDOWS\system32\nbzwj.dat
Removed! : C:\WINDOWS\system32\opcqe.dat
Removed! : C:\WINDOWS\system32\opkup.dat
Removed! : C:\WINDOWS\system32\otsum.dat
Removed! : C:\WINDOWS\system32\pgjdn.dat
Removed! : C:\WINDOWS\system32\rycpw.dat
Removed! : C:\WINDOWS\system32\snbfq.dat
Removed! : C:\WINDOWS\system32\vdpex.dat
Removed! : C:\WINDOWS\system32\wadbb.dat
Removed! : C:\WINDOWS\system32\wdagz.dat
Removed! : C:\WINDOWS\system32\wdsgh.dat
Removed! : C:\WINDOWS\system32\yckog.dat
Removed! : C:\WINDOWS\system32\yqjvp.dat
Removed! : C:\WINDOWS\system32\zwfyq.dat
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 31


Removed Data Streams:
C:\WINDOWS\fsvcq.txt:pimem
C:\WINDOWS\hpvvy.log:vvmkn
C:\WINDOWS\KB883939.log:squtj
C:\WINDOWS\KB890175.log:rqihe
C:\WINDOWS\setupact.log:bwncd
C:\WINDOWS\vxlsu.txt:zjcat


Attempted Clean Of Temp folder.
Pages Reset... Done!






Scanned at: 5:20:40 PM on: 8/22/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 31

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 31

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

SpSeHjfix log

(8/22/05 5:22:10 PM) SPSeHjFix started v1.1.2
(8/22/05 5:22:10 PM) OS: WinXP Service Pack 2 (5.1.2600)
(8/22/05 5:22:10 PM) Language: english
(8/22/05 5:22:10 PM) Win-Path: C:\WINDOWS
(8/22/05 5:22:10 PM) System-Path: C:\WINDOWS\system32
(8/22/05 5:22:10 PM) Temp-Path: C:\DOCUME~1\YODADD~1\LOCALS~1\Temp\
(8/22/05 5:23:24 PM) Disinfection started
(8/22/05 5:23:24 PM) Bad-Dll(IEP): (not found)
(8/22/05 5:23:24 PM) Bad-Dll(IEP) in BHO: (not found)
(8/22/05 5:23:24 PM) UBF: 4 - UBB: 0 - UBR: 7
(8/22/05 5:23:24 PM) UBF: 4 - UBB: 0 - UBR: 7
(8/22/05 5:23:24 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar:
(8/22/05 5:23:24 PM) Stealth-String not found
(8/22/05 5:23:24 PM) Not infected->END

Edited by musicdex, 22 August 2005 - 09:34 PM.

[Kat]

Looking great! Let's just finish you up, shall we?

Open HiJackThis. It should open to a "New users quickstart" menu
Click "Open the Misc Tools section"
Click "Delete a file on reboot..."
In the "Enter file to delete on reboot..." window, navigate to:

Path goes here

And select the file

C:\WINDOWS\sdkib32.exe


Then click Open. After you click Open, HiJackThis will ask you if you want to restart your computer now. You do, so click Yes.


Do one more ActiveScan for me if you would, please so I can make sure everything is gone, and post a last HJT log for me!

[musicdex]

Kat:

I've successfully completed the instructions for HijackThis. However, ActiveScan is giving me some problems. When I choose to only scan "Local Disks", it completes and says nothing found. Unfortunately, there's no option to get a log on this one. When I select "My Computer", the scan goes for about an hour to an hour and a half and then quits suddenly. Even the web page closes itself without warning. In my previous post, I was able to complete a scan of "My Computer" after a few failed attempts, and produce a log. Last night I tried 4 times, lasting about 9 hours total, and each time the scanning pop up page and the ActiveScan homepage just disappear without a trace. When I get home today, I'll try again. If no luck, I'll at least post an updated Hijack This log.

John

[Kat]

If you are still having trouble with ActiveScan, you can run another Ewido scan. Let me know if either of those find anything. Please DO let me see another HijackThis log as well.

Everything still running ok?

[musicdex]

Yes, everything seems to be running fine. My IE homepage has stayed correct, and my desktop properties dialog box is back to normal. Here's my latest Ewido and Hijack This logs from today:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:00:15 PM, 8/24/2005
+ Report-Checksum: 9B9A3AA7

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{C881C594-6F3E-F3F1-EA4B-72C7CEA3E7DB} -> Spyware.CoolWebSearch : Cleaned with backup
C:\WINDOWS\addju32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\apiqy.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3ci32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\d3go.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipcj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ipmo.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\javava32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntgr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntzz32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\syskb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\addur.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\apima32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\d3lm.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\d3sb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\ipsx.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\javaks.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\javapy32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\mscy.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\oleext.dll -> Trojan.Small.ev : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysjr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysmg32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysnr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM32\winof.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winbm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 6:00:47 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Yo Daddy\Desktop\Virus Help\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.yahoo.c...ex.html&.src=my
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

[Kat]

Hello again!! That log is still clean, and that's great!! I *could* send you on your way now, and I will if you wish.

However, one thing is niggling in the back of my mind still. Ewido found and removed a LOT of things the first time around, and I see there were still some lurking about that Ewido killed again this go 'round. I would like you to do another scan for me, just to be SURE nothing else is hiding from us before you go on your way. Are you game?? This scan is mind boggling...it can take a couple of hours to run. But it is WELL worth it. This is one of the most comprehensive scans there are.

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:

• Memory
• Startup Folders
• Drive - All Local Drives
• Folder - then click "browse" to change the directory to C: (default is C:\Windows)
• Registry
• System Folders
• Services
• Include Sub-Directory
• Scan All Files

Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.



If you want to proceed, get that scan done, and then post me a copy of the Infected Items List..if there is one!

[musicdex]

Okay, I'll do the scan you suggested. I did happen to notice that in my Registry there's still problem files. For example, I searched in the Registry for "netma32", which is one of the .exe files that kept trying to connect to the internet when I was in the heat of the battle with this virus. Well, this netma32, along with others, are still lurking in my Registry. Should I be worried? The netma32 is located 3 different locations:

HKEY_CLASSES_ROOT\CLSID\{looooooooong number}\LocalServer

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Search Assistant\ACMru\5603
This "5603" folder has about 20 similar files that were causing me problems. For example, sdkby, javahz, javayc, d3wb32, etc.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\ShellNoRoam\MUICache
This "MUICache" folder also has a lot of previously troublesome file names.

[Kat]

Let's clean up that registry problem, ok?


Please dowload: RegSeeker.

• Click on "Clean The Registry" in the left panel.
• Check all boxes (make sure the backup box in the lower left corner is selected!).
• After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
• Click "Quit RegSeeker"

Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run RegSeeker again, do the same thing again if anything is found. Continue to run it until none to very few items are found. *Make sure to reboot between each run of the program.

[musicdex]

Okay, I'll run RegSeeker when I get home tonight. I did run MWav last night. The lines that showed up in the lower panel looked like quite a bit, so before copying/pasting here, I put in on a Word doc to see how much it was. 24 pages! Should I paste all that here?

[Kat]

no! Most of it is probably bad (empty) reg entries. Run the RegSeeker as instructed. Then do the MWav again. I bet it shows hardly anything once the RegSeeker is done!

[musicdex]

Phew! I ran the Regseeker quite a few times, then ran MWav. I've pasted below the results from that. Also, I've searched again in my Registry, and those files are still in the same locations:

HKEY_CLASSES_ROOT\CLSID\{looooooooong number}\LocalServer
Not found here anymore

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Search Assistant\ACMru\5603
This "5603" folder has about 20 similar files that were causing me problems. For example, sdkby, javahz, javayc, d3wb32, etc.
These are all still here

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\ShellNoRoam\MUICache
This "MUICache" folder also has a lot of previously troublesome file names.
These are all still here

Here's the results of the MWav scan (3 pages worth in Word). When I noticed the first thing listed, "Win32.Passma Virus", I searched on Symantec's website for instructions to remove. The instructions required going into the Registry and deleting a file, but when I went into the Registry the file wasn't at that location. I then searched the entire Registry for that file, but nothing was found. First I'll list what Symantec showed to do, then I'll list the MWav results.

Win32.Passma Virus removal instructions per Symantec
Navigate to the subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

In the right pane, delete the value:
"System Manager" = "%System%\SERVICEMGR.EXE"

MWav results
Object "Win32.Passma Virus" found in File System! Action Taken: No Action Taken.
Object "cws.smartsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{41C5FFFE-36DD-415D-9ED0-2976A342A1C8}" refers to invalid object "C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Core.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E64169B3-3592-47d2-816E-602C5C13F328}" refers to invalid object "C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Core.dll". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01A80000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02500000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02C80000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02E40000.VBN infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02E40001.VBN infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03040000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03040001.VBN infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03FC0000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04000000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04340000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04680000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04680001.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C40000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D00000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08900000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08900001.VBN infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08940000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08940001.VBN infected by "Trojan-Downloader.Win32.Small.bau" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08A00000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\My Downloaded Files\Warez\WarezP2P_DLC.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032829.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032830.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032831.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032832.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032833.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032834.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032835.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032836.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032837.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032838.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032839.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032840.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032841.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032842.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032843.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032844.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032845.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032846.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032847.dll infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032848.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032849.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032850.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032851.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032852.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File E:\John's old harddrive - keep\My Pictures\BlasterBlocks\blasterblocks.exe.tcf tagged as "not-a-virus:AdWare.WinFetcher.b". Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01A80000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02500000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02C80000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02E40000.VBN infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02E40001.VBN infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03040000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03040001.VBN infected by "Trojan.Java.Femad" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03FC0000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04000000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04340000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04680000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04680001.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07C40000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07D00000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08900000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08900001.VBN infected by "Virus.Win32.Nsag.b" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08940000.VBN infected by "Exploit.VBS.Phel.a" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08940001.VBN infected by "Trojan-Downloader.Win32.Small.bau" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08A00000.VBN infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\My Downloaded Files\Warez\WarezP2P_DLC.exe tagged as "not-a-virus:AdWare.NewDotNet". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032829.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032830.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032831.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032832.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032833.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032834.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032835.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032836.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032837.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032838.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032839.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032840.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032841.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032842.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032843.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032844.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032845.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032846.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032847.dll infected by "Trojan.Win32.Small.ev" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032848.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032849.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032850.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032851.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{C5906423-6CE6-4605-9522-4440B1DAD4C3}\RP103\A0032852.exe infected by "Trojan-Downloader.Win32.Agent.bq" Virus! Action Taken: No Action Taken.

[Kat]

Believe it or not, that MWav scan is ok. The things found in your Quarantine you can manually delete from your Anti VIrus program. The things found in the "System Volume" indicates your system restore is infected. However...do NOT set a clean restore point until we have your computer totally cleaned up, ok??

Let me see a new HijackThis log, and we'll go from there.