TheTechGuide Forum
General Category => Tech Clinic => Topic started by: GrayPlover on August 12, 2005, 01:50:11 PM
-
Hello,
Recently this nasty bug got hold of my PC. Besides controlling my IE home page it extremely slows my Internet connection, it plants all these links in my bookmarks and also I get these pop-ups once in a while.
I'm really not a PC expert and from reading a little about it, I tried to get rid of it with Ad-Aware SE, Spybot and even an Unregistered version of AdwareAway. Nothing helped, it keeps coming back. It seems that it somehow copies itself all the time.
I must say I don't have any AV software installed, I figured it will not solve my problem as well.
Please help,
----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:44:44, on 12/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\eTSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\atlft.exe
C:\WINDOWS\system32\mshm32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {C7E1449D-6386-3242-D589-5595D2821C3B} - C:\WINDOWS\crcu.dll
O2 - BHO: Class - {F77B92FE-007F-550C-6210-910FC800897D} - C:\WINDOWS\system32\apppk.dll
O4 - HKLM\..\Run: [ntok32.exe] C:\WINDOWS\system32\ntok32.exe
O4 - HKLM\..\Run: [windr32.exe] C:\WINDOWS\system32\windr32.exe
O4 - HKLM\..\Run: [msuv.exe] C:\WINDOWS\system32\msuv.exe
O4 - HKLM\..\Run: [atlbj.exe] C:\WINDOWS\system32\atlbj.exe
O4 - HKLM\..\Run: [appug32.exe] C:\WINDOWS\system32\appug32.exe
O4 - HKLM\..\Run: [atlft.exe] C:\WINDOWS\atlft.exe
O4 - HKLM\..\RunOnce: [mfctx32.exe] C:\WINDOWS\system32\mfctx32.exe
O4 - HKLM\..\RunOnce: [apiek.exe] C:\WINDOWS\apiek.exe
O4 - HKLM\..\RunOnce: [javalw.exe] C:\WINDOWS\system32\javalw.exe
O4 - HKLM\..\RunOnce: [ntpx32.exe] C:\WINDOWS\system32\ntpx32.exe
O4 - HKLM\..\RunOnce: [mshm32.exe] C:\WINDOWS\system32\mshm32.exe
O4 - Startup: Netvision Cable Connect.url
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2355432-07A0-48C2-AF14-CDD6EBFEE40E}: NameServer = 194.90.1.5 212.143.212.143
O23 - Service: Workstation NetLogon Service ( 11Fה#·÷ִײ`I) - Unknown owner - C:\WINDOWS\system32\mfctx32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
-
==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0 (http://downloads.stevengould.org/cleanup/CleanUp40.exe)
Don't run it yet
==Download and UNZIP to desktop CWSServiceremove.zip
So you now have Cwsserviceremove.reg on your desktop
We'll need this later
==Create a New folder on your desktop, call it Aboutbuster
(Right click an empty spot on the desktop and select NEW>>FOLDER)
Download to desktop About:Buster (http://www.malwarebytes.biz/AboutBuster5.zip)
by RubbeR Ducky
Unzip it to that new folder
*Open the AboutBuster folder you unzipped the contents to
*Double click to run About:Buster.exe
*Click the UPDATE button, and allow to update
*Close out AboutBuster for now, we'll need it later
==Download and then Install
Ewido Security Suite (http://download.ewido.net/ewido-setup.exe)
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/
Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4)
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Workstation NetLogon Service
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Find and delete these files if they exist
C:\WINDOWS\crcu.dll
C:\WINDOWS\system32\mfctx32.exe
C:\WINDOWS\system32\apppk.dll
C:\WINDOWS\system32\ntok32.exe
C:\WINDOWS\system32\windr32.exe
C:\WINDOWS\system32\msuv.exe
C:\WINDOWS\system32\atlbj.exe
C:\WINDOWS\system32\appug32.exe
C:\WINDOWS\atlft.exe
C:\WINDOWS\system32\mfctx32.exe
C:\WINDOWS\apiek.exe
C:\WINDOWS\system32\javalw.exe
C:\WINDOWS\system32\ntpx32.exe
C:\WINDOWS\system32\mshm32.exe
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files
DECLINE to Log off or Restart when scan is done.
==Open the Aboutbuster folder and Run About:buster.exe
Click the Begin Removal button
Can you please run this scan twice
When it's done it will produce a log in the Aboutbuster folder called
Ab logfile.txt
I'll need to see the log later
====Double click on cwserviceremove.reg and allow to add or merge to the registry
==Open Ewido Security Suite
Give it time to load
Click on the Scanner button on the left menu
Click on the Settings button on the right
Select "Scan Every File"
OK it and then click on the "Complete System Scan"
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {C7E1449D-6386-3242-D589-5595D2821C3B} - C:\WINDOWS\crcu.dll
O2 - BHO: Class - {F77B92FE-007F-550C-6210-910FC800897D} - C:\WINDOWS\system32\apppk.dll
O4 - HKLM\..\Run: [ntok32.exe] C:\WINDOWS\system32\ntok32.exe
O4 - HKLM\..\Run: [windr32.exe] C:\WINDOWS\system32\windr32.exe
O4 - HKLM\..\Run: [msuv.exe] C:\WINDOWS\system32\msuv.exe
O4 - HKLM\..\Run: [atlbj.exe] C:\WINDOWS\system32\atlbj.exe
O4 - HKLM\..\Run: [appug32.exe] C:\WINDOWS\system32\appug32.exe
O4 - HKLM\..\Run: [atlft.exe] C:\WINDOWS\atlft.exe
O4 - HKLM\..\RunOnce: [mfctx32.exe] C:\WINDOWS\system32\mfctx32.exe
O4 - HKLM\..\RunOnce: [apiek.exe] C:\WINDOWS\apiek.exe
O4 - HKLM\..\RunOnce: [javalw.exe] C:\WINDOWS\system32\javalw.exe
O4 - HKLM\..\RunOnce: [ntpx32.exe] C:\WINDOWS\system32\ntpx32.exe
O4 - HKLM\..\RunOnce: [mshm32.exe] C:\WINDOWS\system32\mshm32.exe
O23 - Service: Workstation NetLogon Service ( 11Fה#·÷ִײ`I) - Unknown owner - C:\WINDOWS\system32\mfctx32.exe" /s (file missing)
After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
==Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer back to Normal mode
Back in Windows
Download The Hoster (http://members.aol.com/toadbee/hoster.zip)
Unzip it to a folder, Open it, Press "Restore Original Hosts" and press "OK". Exit Program. Note: if you were using a custom Hosts file you will need to replace any of those entries yourself
==Look for a file called shell.dll in your C:\Windows\system32 folder
If it is not there, Go into System32\dllcache folder
Find shell.dll
Right click on shell.dll and choose copy from the menu. Then paste it into the
system32 folder
==Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the Security tab | Custom Level
Check ActiveX security settings:
Make sure that the following settings are correct:
o Download signed ActiveX controls (Prompt)
o Download unsigned ActiveX controls (Disable)
o Initialize and script ActiveX controls not marked as safe (Disable)
o Script ActiveX controls marked safe for scripting (Prompt)
You didn't appear to have removed Symantec's totally
I would check their website for manual removal instructions
If you need a hand, You will have to let me know the exact version you had installed
Afterwards
Run an Online Virus scan at Panda's, there's a link in my signature below
Scan your whole computer and post the Report when it's done
Also
Post back a fresh hijackthis log
The Ewido Report and the Ab logfile.txt from AboutBuster
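The triage the reply above performs by eye on the HijackThis log, sketched in Python as an added example that is not part of the original thread or of HijackThis itself: it parses the entry lines and shortlists the patterns this infection shows (IE pages pointing at res:// inside a DLL, BHOs and autoruns dropped directly into the Windows directory, a service binary with an unknown owner). The four rules and all function names are assumptions chosen to fit this log, so the result is a shortlist for human review, not a verdict.

```python
import ntpath
import re

# Lines copied from the HijackThis logs in this thread; the garbled short
# name of the "Workstation NetLogon Service" entry is left out.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gzhzk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Class - {C7E1449D-6386-3242-D589-5595D2821C3B} - C:\WINDOWS\crcu.dll
O4 - HKLM\..\Run: [ntok32.exe] C:\WINDOWS\system32\ntok32.exe
O4 - HKLM\..\RunOnce: [apiek.exe] C:\WINDOWS\apiek.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: Netvision Cable Connect.url
O23 - Service: Workstation NetLogon Service - Unknown owner - C:\WINDOWS\system32\mfctx32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O4 - <detail>"
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)", re.IGNORECASE)
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] ")   # Run / RunOnce value name
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_log(text):
    """Return (code, detail) pairs for every 'XX - ...' entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def binary_path(detail):
    """First .exe/.dll path mentioned in the entry, or None."""
    m = PATH_RE.search(detail)
    return m.group(0) if m else None


def in_system_dir(path):
    """True when the file sits directly in C:\\WINDOWS or system32."""
    return path is not None and ntpath.dirname(path).lower() in SYSTEM_DIRS


def reason_for(code, detail):
    """Illustrative rules (assumptions); None means 'not shortlisted'."""
    path = binary_path(detail)
    if not in_system_dir(path):
        return None
    if code in ("R0", "R1"):
        value = detail.partition(" =")[2].strip()
        if value.lower().startswith("res://"):
            return "IE page served from a resource inside a local DLL"
    elif code == "O2":
        return "BHO DLL placed directly in the Windows directory"
    elif code == "O4":
        m = RUN_RE.match(detail)
        if m and m.group(1).lower() == ntpath.basename(path).lower():
            return "autorun value named after its own executable"
    elif code == "O23":
        if " - Unknown owner - " in detail:
            return "service binary with unknown owner in the Windows directory"
    return None


def triage(text):
    """Return (code, path, reason) for every shortlisted entry, in log order."""
    hits = []
    for code, detail in parse_log(text):
        reason = reason_for(code, detail)
        if reason:
            hits.append((code, binary_path(detail), reason))
    return hits


if __name__ == "__main__":
    for code, path, reason in triage(SAMPLE_LOG):
        print(f"{code:<4}{path}  <- {reason}")
```

The MSConfig autorun, the ATI service and the leftover Symantec service stay off the shortlist, matching the entries the reply left unchecked.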
-
Guestolo,
Many, many thanks for the detailed reply. As I said I'm not an expert in this but I think I somehow walked through it bravely.
First, not all the files I was supposed to delete I found:
I found C:\WINDOWS\crcd.dll (and not crcu.dll)
I found C:\WINDOWS\system32\ntoo.exe (and not ntok.exe)
I didn't delete those two. Is that OK?
I also couldn't find: apppk.dll, windr32.exe, msuv.exe and atlbj.exe under the system32 directory.
I also couldn't find all the entries on the Hijackthis Scan - the one that starts with R3, the two O2 and some of the R4. I also couldn't find the O23 entry.
I couldn't download "The Hoster". Maybe The Link is wrong?
Under the Access Internet Options: Under what Tab can I find the ones that deal with the ActiveX Controls? I couldn't find it.
The Symantec removal - I remember I looked at their website but the manual option involved dealing with the Registry so I was too afraid to do it. I could really use some help here. Where should I look in order to find the exact version?
Sorry for all those questions, I guess I'm very slow in learning all this stuff.
Thanks again, and I'm attaching the logs you requested.
----------------------------------------
HijackThis Log
----------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 03:10:17, on 15/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\eTSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vhscw.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {B9B4D825-E7E3-1B11-B330-FF6BF9825C81} - C:\WINDOWS\system32\iplw.dll (file missing)
O2 - BHO: Class - {D33BD905-8C98-ABCA-821E-A1C57B4F960F} - C:\WINDOWS\ntts32.dll (file missing)
O2 - BHO: Class - {DE009CAE-4B28-D350-13CF-E88F46A3C5C3} - C:\WINDOWS\apimg.dll (file missing)
O2 - BHO: Class - {EB63E320-5E1D-A1CC-878B-832365F1D0E3} - C:\WINDOWS\mfcml.dll (file missing)
O4 - HKLM\..\Run: [apptk32.exe] C:\WINDOWS\system32\apptk32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: Netvision Cable Connect.url
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2355432-07A0-48C2-AF14-CDD6EBFEE40E}: NameServer = 212.143.212.143 194.90.1.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 01:55:01, 15/08/2005
+ Report-Checksum: C92503B7
+ Scan result:
C:\WINDOWS\mfcvf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcvn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcwi32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcyu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mhyug.txt:kkyku -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\MININU.LOG:ajkyq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\MININU.LOG:eqwli -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msad.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mscf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msci.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msdfmap.ini:clrpw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msey32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msez.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msjo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msme32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msmv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msqq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mssj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mssl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mssn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mstg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mswe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mswz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msye32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nbmdz.txt:nljuq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\nbmdz.txt:qmuti -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\nbmdz.txt:xnhfg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ncjyj.dat:lcnjm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netbb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netcz.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netfj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nethw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netin32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\netir.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netkk.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\netml32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netoy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netpk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netpo32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\netrr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netrx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netum32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\netun.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netwh.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\nlpnh.txt:bojah -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntba.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntbc.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntep.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntfd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntkb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntkd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntog32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntpr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nttp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntts32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntxb32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntxb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntxn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntxu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntzr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_buqbrx.txt -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_pgvvmb.dat -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\n_qlwapw.txt:iokqc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_qlwapw.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ocgen.log:bnyde -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:djqfr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:vcyqp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ohmpa.log:xwzwd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\onjoj.txt:mibeuh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\pikxq.txt:oltxo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\REGLOCS.OLD:rcyrw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sdkej.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdket.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdklo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkxa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sessmgr.setup.log:eunbdw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setupact.log:ervtx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setupact.log:mocws -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setupact.log:uccwi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setupapi.log:qniipa -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setuperr.log:rnove -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setuplog.txt:zlurlk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Sti_Trace.log:mocwsg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysal32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysbf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syscn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysfk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sysfr32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sysgf.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sysgo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sysig32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\syspk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syssg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32:jraa.dll -> TrojanDownloader.Small.azk : Cleaned with backup
C:\WINDOWS\system32\adddo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addhq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addhv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addis32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addjv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addli.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addpt32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\addrw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addwf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addwl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\addys32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apiah32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\apiah32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apics32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apigh.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\apigh.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\apigm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiou32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apipt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apirz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apisc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apism.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apith.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apitm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiub.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apiwy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apizz32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appcd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appeu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appge32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apphf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\apphk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appht.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appiw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appjg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\appji.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\appuf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlbg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlcq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlfr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlhn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlkx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlkz.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlnz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlpw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlqp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlqu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlqz32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlsa32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\atlut32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlvc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlvu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\atlwq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crcl32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\crfo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crjh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crku32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crls32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crnj32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\crsk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\crtt.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\cruc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\cryw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3as.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3et.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3ix32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3jc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\d3lu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3mz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3on.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3rm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3xj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\d3zb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iecd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieiz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iejb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ienn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ieuk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iewj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\iewl.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipcw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipdi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipfk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipgu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipju.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipkd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iplq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\iplw.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\iplx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipma.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipna.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ipng.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipox32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipph.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipxc32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\ipye32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ipzw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaaf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javabe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javabw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaif.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javakr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javane.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javaql.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javarg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javauo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\javavm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcge.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcgs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcii.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\mfcio32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcjc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcjp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfclc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcpq32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\mfcrn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcrx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfctn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfctq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcub.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\mfcwd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcwf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mfcxt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msbj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msdy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msfj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msgs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\mskr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\msqm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netcr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netkb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netlm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netmz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netos32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netqz32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\nettx32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\netvv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netvx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netww.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netyh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netyo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\netyp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntcf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntgy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntho32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntlu32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\ntms32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntna.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntnh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntoo.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntou.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntpw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntrq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\ntxh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntyp32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\ntyr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\ntyy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkch32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkcq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdken.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkgi.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sdkjw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkkc32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\sdkmd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkns32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkos32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkpf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkqc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkrv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sdkve.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkwh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sdkxp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\syscp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysfg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysgd32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\syslb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\sysle.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysoe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysos32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syspu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\sysqj.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\system32\systo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\syswm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\wincv32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\windj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winfm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\wingt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winhs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winlj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winps.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\wintm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\wintr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winuz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winwm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\winxe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winxk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\system32\winxn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\Thumbs.db:dfsdz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\Thumbs.db:xpnop -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tsoc.log:pkgmu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vb.ini:chaga -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vbaddin.ini:wpzql -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vtxhn.txt:fgdnv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\vtxhn.txt:retzb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wiadebug.log:hysle -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wiaservc.log:fnumd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winamp.ini:mmnjh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winamp.ini:obtmm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winaq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\WindowsUpdate.log:btoyze -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\WindowsUpdate.log:uxwjy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\WindowsUpdate.log:xonrx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winea.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wineq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winia32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winik32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winll.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winmh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winnt.bmp:ojnru -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winnt.bmp:tjqrd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winnt256.bmp:savvb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winnt256.bmp:xmxojo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winoj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winqx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wintf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winvm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winzx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\wmprfHEB.prx:lxamf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wmprfHEB.prx:qogwz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wmprfHEB.prx:vbfiz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wmsetup10.log:pnqud -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zgnww.txt:ukxugn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\zgnww.txt:wzlfcd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_default.pif:kaypt -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:rlqbq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_default.pif:tbxgy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:abdvnd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:abyzu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:aduyw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:aobxj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:aqeyu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:arhfvs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:arhltq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:atxia -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:auqsu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:avjha -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:awrzdc -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:bavkr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:bbindk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:bbtjam -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:bedxo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:bkxir -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:blpsu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:bmaxh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:bmbun -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:bqwpsx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:bunfy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:buwfzl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:cexuo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:cjduwp -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:cqfmi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:ctohp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:dfgsk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:djhci -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:dlvxck -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:dpehf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:dxlkmn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:dytgd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:ecmhk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:enqvc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:ervqs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:fclie -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:fpuhmn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:fqnwa -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:ftmkii -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:fxtrqf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:fyohei -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:gcout -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:gjsbt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:gkznos -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:grxxe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:gwpzpp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:gyivt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:gznpv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:hhhcy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:hjyjob -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:hmodhr -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_delis32.ini:htlutf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:htxml -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:hxxyy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:iertso -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:imjtd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:imryi -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:imwwm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:incne -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:isglo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:iuqby -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:ixaab -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:izpyu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:jehnc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:jguzh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:jmolue -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_delis32.ini:jmtnva -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_delis32.ini:jmxokh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:johcd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:jpuws -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:jpuxe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:jqpdnr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:jsknj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:jtmmyg -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:kbpea -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:kcdaf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:kcdafn -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:kosoxx -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:kudice -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_delis32.ini:kwshv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\_delis32.ini:lbgco -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:lexit -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:lhwkca -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\_delis32.ini:lklglr -> Spyware.SearchPage : Cleaned with backup
::Report End
------------------------------------------------------------------------
-
Sorry, The Aboutbuster Report was cut:
------------------------------------------------
AboutBuster 5.0 reference file 31
Scan started on [15/08/2005] at [01:12:56]
------------------------------------------------
Removed Stream! C:\WINDOWS\aukfr.log:aadrhe
Removed Stream! C:\WINDOWS\cmsetacl.log:spqfzm
Removed Stream! C:\WINDOWS\control.ini:lugkdr
Removed Stream! C:\WINDOWS\desktop.ini:euzpxc
Removed Stream! C:\WINDOWS\hifud.txt:jjoxxr
Removed Stream! C:\WINDOWS\hifud.txt:zltnv
Removed Stream! C:\WINDOWS\KB885835.log:mmkvnp
Removed Stream! C:\WINDOWS\KB890175.log:fmdapz
Removed Stream! C:\WINDOWS\ogift.log:doqpkh
Removed Stream! C:\WINDOWS\pikxq.txt:nhthgu
Removed Stream! C:\WINDOWS\rpfea.dat:gilnaf
Removed Stream! C:\WINDOWS\Thumbs.db:encryptable
Removed Stream! C:\WINDOWS\vbaddin.ini:xpnopt
Removed Stream! C:\WINDOWS\winnt256.bmp:asjmfq
Removed Stream! C:\WINDOWS\winnt256.bmp:hcdzgr
Removed Stream! C:\WINDOWS\zgnww.txt:kehpww
Removed Stream! C:\WINDOWS\_delis32.ini:afrpsv
Removed Stream! C:\WINDOWS\_delis32.ini:amnxzi
Removed Stream! C:\WINDOWS\_delis32.ini:axkfhh
Removed Stream! C:\WINDOWS\_delis32.ini:bbnjkp
Removed Stream! C:\WINDOWS\_delis32.ini:brbbjh
Removed Stream! C:\WINDOWS\_delis32.ini:dfsdzy
Removed Stream! C:\WINDOWS\_delis32.ini:dpdgxc
Removed Stream! C:\WINDOWS\_delis32.ini:dttfkf
------------------------------------------------
Removed File! : C:\Windows\lholy.dat
Removed File! : C:\Windows\lugkd.dat
Removed File! : C:\Windows\nxnxu.dll
Removed File! : C:\Windows\okrgp.dat
Removed File! : C:\Windows\oqylq.dat
Removed File! : C:\Windows\qbthr.dll
Removed File! : C:\Windows\qhqmz.dat
Removed File! : C:\Windows\qqdtm.dat
Removed File! : C:\Windows\rpfea.dat
Removed File! : C:\Windows\vgbga.dll
Removed File! : C:\Windows\vudgs.dat
Removed File! : C:\Windows\System32\baeaw.dat
Removed File! : C:\Windows\System32\ebdpn.dat
Removed File! : C:\Windows\System32\fwjgr.dat
Removed File! : C:\Windows\System32\hoybk.dat
Removed File! : C:\Windows\System32\jdehu.dat
Removed File! : C:\Windows\System32\pqwax.dat
Removed File! : C:\Windows\System32\sglok.dll
Removed File! : C:\Windows\System32\tetak.dat
Removed File! : C:\Windows\System32\wmeiv.dat
Removed File! : C:\Windows\System32\zwxin.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 01:14:53
AboutBuster 5.0 reference file 31
Scan started on [15/08/2005] at [01:15:49]
------------------------------------------------
Removed Stream! C:\WINDOWS\_delis32.ini:dygxlo
Removed Stream! C:\WINDOWS\_delis32.ini:essniu
Removed Stream! C:\WINDOWS\_delis32.ini:fdvrcy
Removed Stream! C:\WINDOWS\_delis32.ini:feihin
Removed Stream! C:\WINDOWS\_delis32.ini:ftxiso
Removed Stream! C:\WINDOWS\_delis32.ini:gjbqux
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 01:17:08
-
You're not quite there yet, but you did good
Let's still try the following
If this file is still around, can you delete it please
C:\WINDOWS\crcd.dll <-file
and this one
C:\WINDOWS\system32\apptk32.exe
I see this in your running processes
Norton Internet Security Professional
Can you access your add/remove programs and possibly let me know what version it is
or navigate to this file
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
Right click on it and left click properties
If there is a version tab it may give a clue what version you had installed
Were you trying to get rid of all parts of Norton?
Can you remember if you had Norton Internet Security Professional 2004 or 2003 installed?
Click the Security tab>>Ensure Internet is highlighted>>Click Custom Level
Check ActiveX security settings:
Make sure that the following settings are correct:
o Download signed ActiveX controls (Prompt)
o Download unsigned ActiveX controls (Disable)
o Initialize and script ActiveX controls not marked as safe (Disable)
o Script ActiveX controls marked safe for scripting (Prompt)
Carry on with the following
Go to START>RUN>>type in msconfig
Hit OK
Under the General tab select NORMAL STARTUP
Apply it and close, but DON'T agree to restart the computer yet
Instead
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vhscw.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {B9B4D825-E7E3-1B11-B330-FF6BF9825C81} - C:\WINDOWS\system32\iplw.dll (file missing)
O2 - BHO: Class - {D33BD905-8C98-ABCA-821E-A1C57B4F960F} - C:\WINDOWS\ntts32.dll (file missing)
O2 - BHO: Class - {DE009CAE-4B28-D350-13CF-E88F46A3C5C3} - C:\WINDOWS\apimg.dll (file missing)
O2 - BHO: Class - {EB63E320-5E1D-A1CC-878B-832365F1D0E3} - C:\WINDOWS\mfcml.dll (file missing)
O4 - HKLM\..\Run: [apptk32.exe] C:\WINDOWS\system32\apptk32.exe
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Run About:Buster again
Restart your computer
Back in Windows
Download and Unzip The Hoster (http://www.funkytoad.com/download/hoster.zip) to a folder
Open Hoster and
Press "Restore Original Hosts" and press "OK".
Then Exit
Did you happen to save the report from Panda's? I would have liked to see it also
Run another scan with Hijackthis and post a fresh log
Also again, include the whole report from About:Buster
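
The ActiveX settings listed in this post are stored as per-zone registry values, so they can be checked from a `regedit` export instead of the dialog. The script below is an added example, not part of the original post or of any tool named in the thread; it assumes the standard URL-action value names (1001, 1004, 1201, 1405) under `Internet Settings\Zones\3` with data 0 = Enable, 1 = Prompt, 3 = Disable, and the sample export is constructed.

```python
import re

# URL-action value names under ...\Internet Settings\Zones\3 (the Internet zone),
# paired with the setting recommended in the post. Data: 0=Enable, 1=Prompt, 3=Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1405": ("Script ActiveX controls marked safe for scripting", 1),
}
POLICY_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE_KEY_SUFFIX = r"\internet settings\zones\3"
VALUE_RE = re.compile(r'^"(?P<name>[0-9A-Fa-f]{4})"=dword:(?P<data>[0-9A-Fa-f]{8})$')

# Constructed sample of a .reg export (not taken from the thread's machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000003
"1201"=dword:00000001
"1405"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1001"=dword:00000003
'''


def parse_internet_zone(reg_text):
    """Return {value_name: int} for DWORD values under the Zones\\3 key only."""
    values, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key header: track whether we are inside the Internet zone.
            in_zone = line[1:-1].lower().endswith(ZONE_KEY_SUFFIX)
            continue
        match = VALUE_RE.match(line)
        if in_zone and match:
            values[match.group("name").upper()] = int(match.group("data"), 16)
    return values


def audit(reg_text):
    """List (value_name, setting, current, recommended) for every mismatch."""
    current = parse_internet_zone(reg_text)
    findings = []
    for name, (label, wanted) in RECOMMENDED.items():
        actual = current.get(name)  # None means the value is absent from the export
        if actual != wanted:
            shown = "not set" if actual is None else POLICY_NAMES.get(actual, hex(actual))
            findings.append((name, label, shown, POLICY_NAMES[wanted]))
    return findings


if __name__ == "__main__":
    for name, label, shown, wanted in audit(SAMPLE_EXPORT):
        print(f"{name}  {label}: {shown} (recommended: {wanted})")
```

The sample covers the per-user key only; machine-wide values under HKLM can override it, so export both hives when the result disagrees with what the Custom Level dialog shows.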
-
O.K - 2nd round.
I deleted C:\WINDOWS\crcd.dll
but could not find C:\WINDOWS\system32\apptk32.exe
The Norton Security Professional - I tried to get rid of it because at that time I had it installed BEFORE I had any Internet Connection. When I finally did a fast Internet Connection I could not manage to set it up and I thought it was because of the Norton. Plus I couldn't get it to do Live Update for some reason but I can't do Windows Update as well. I have Windows XP Service Spec II and I think it causes me all these strange problems. I also had Office Installed but couldn't get the Outlook to work, I think it somehow relates to the problem I can't do Windows Update.
I'm pretty sure it was Norton Internet Security 2004 (and not 2003). I navigated to this file NPROTECT.exe and its version is 16.0.0.22.
I tried to do Scan with Panda but in the middle of the Scan the Window was closed. This also happened yesterday. Is there a trial version I can download and do it locally?
I also attach a fresh HijackThis report and The About:buster report.
----------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:04:30, on 15/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\eTSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
O4 - Startup: Netvision Cable Connect.url
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2355432-07A0-48C2-AF14-CDD6EBFEE40E}: NameServer = 194.90.1.5 212.143.212.143
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
---------------------------------------------------------------------------
AboutBuster 5.0 reference file 31
Scan started on [15/08/2005] at [22:22:44]
------------------------------------------------
Removed Stream! C:\WINDOWS\_delis32.ini:grxxed
Removed Stream! C:\WINDOWS\_delis32.ini:hahkdh
Removed Stream! C:\WINDOWS\_delis32.ini:hwssme
Removed Stream! C:\WINDOWS\_delis32.ini:ierts
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 22:23:14
AboutBuster 5.0 reference file 31
Scan started on [15/08/2005] at [22:23:53]
------------------------------------------------
Removed Stream! C:\WINDOWS\_delis32.ini:ieycqt
Removed Stream! C:\WINDOWS\_delis32.ini:iniiyf
Removed Stream! C:\WINDOWS\_delis32.ini:itezfj
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 22:24:17
-
Have you seen this page to completely remove Norton's from your system
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=hot&docid=2004020314035036&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=Norton%20Internet%20Security&ver=2004%20Professional&osv=&osv_lvl=
We should still get you an AV on your computer once we get Norton's properly removed
I have links to free ones if you need them
-
Just thought I'd chime in here real quick. You can get Panda Platinum Internet Security 2005 for under $20 (including shipping) from sellers on Amazon.com.
-
guestolo,
It's good to see the site is up again and running.
Tried the synNRT tool. It didn't erase this file:
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
However it doesn't appear on the HijackThis log anymore.
My PC seems to work now. Home page is back again to normal. No Pop ups, and the Internet Connection seems to work, so Many Many thanks!!!
Any recommendations for AV or Firewall software?
Logfile of HijackThis v1.99.1
Scan saved at 00:26:27, on 19/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\eTSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
O4 - Startup: Netvision Cable Connect.url
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124226305968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2355432-07A0-48C2-AF14-CDD6EBFEE40E}: NameServer = 212.143.212.143 194.90.1.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
-
Sorry, but it was me above. Didn't see I was not logged on.
-
Very sorry for the delay, I had troubles accessing the forums during the week, everything seems fine now
Your log looks good
If everything is running better, please do the following
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm)
Once back in Windows and System Restore is reenabled
You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://www.bleepingcomputer.com/forums/index.php?showtutorial=53)
Download link (https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD)
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
Let's get you that firewall and AV
If you check out the links I posted here
http://www.thetechguide.com/forum/index.php?showtopic=15894
You will find links to free versions of each program
You only need one AV and one Firewall running on your computer at any given time
More than one can cause conflicts
This includes XP's built in Firewall, after you install a third party firewall make sure you shut down the one built into XP
AV>>I prefer either AVG or AVAST
Firewall>>I prefer Sygates'
Decide which you prefer, remember, only use one
When you're done with the above, can I have you post one last Hijackthis log, let's make sure you're still clean
-
Hi guestolo,
Thanks again. I've Installed SpywareBlaster, AVG and Sygate Personal Firewall.
I didn't install IE-SpyAd, my IE version is 6.0 - SP2. Does IE-SpyAd support this version?
I attach the current HiJackThis Log file.
---------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 22:40:12, on 21/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\eTSrv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Startup: Netvision Cable Connect.url
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124226305968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2355432-07A0-48C2-AF14-CDD6EBFEE40E}: NameServer = 212.143.212.143 194.90.1.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\WINDOWS\system32\eTSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
-
Here's a copy and paste from the makers of IE-Spyad's home page
Windows XP SP2:
IE-SPYAD works just fine with the version of Internet Explorer that ships with Windows XP Service Pack 2. Moreover, even though Windows XP SP2 does make several significant privacy and security improvements to Internet Explorer, IE-SPYAD can still help to protect your privacy and security by restricting the functionality of untrustworthy web sites.
I have it on this computer with SP2 installed, no problems with it
The wife refuses to stray away from Internet Explorer
:)
Good work on getting all other protections, remember to disable XP's firewall if enabled
You don't need 2 running now that you have Sygate's installed
-
Since the problems appear resolved I'll lock this topic