We were getting to those entries. I wanted more information from these scans first though. I didn't know there was another thread you were working in and as you can see there is more wrong than what is being revealed in the other thread. You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. This needs to be fixed or the other problems likely won't be completely healed.
This is a multiple step process, we are half way there
Double-click the
FindAWF icon once again
If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: From the Keyboard
Press 2 then Enter to restore files from bak foldersA text file will open called:
files.txtCopy the text in the Code box below.
Click below the line in files.txt and paste the following list of files to be restored:
"C:\hp\KBD\bak\KBD.EXE"
"C:\Program Files\Multimedia Card Reader\bak\shwicon2k.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\WINDOWS\system\bak\hpsysdrv.exe"
"C:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe"
"C:\Program Files\SBC Self Support Tool\SmartBridge\bak\MotiveSB.exe"
"C:\Program Files\Yahoo!\browser\bak\ybrwicon.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
"C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"
Next, close the text file and click
Yes to save the changes.
Once files.txt is saved, FindAWF does the following:
* It attempts to terminate the process represented by each filename on the list, if running
* Deletes the rogue file from the parent folder, if present
* Copies the original file to the parent folder
When done with the above, it automatically runs a new scan and opens a new log.
Please add the new
FindAWF log in your reply.