View Full Version : Trojan.Zonebac
Below is the HiJack This log:
Thank you!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:49 PM, on 11/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Google Talk\bak\googletalk.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Yelena Rapoport.YELENA\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://netreg.service.emory.edu/CAT/CNICAT.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Unknown owner - C:\WINDOWS\system32\WebUpdateSvc4.exe (file missing)
--
End of file - 7623 bytes
ndmmxiaomayi
2007-11-15, 15:42
Hi rem777. :)
Step 1
Please download FindAWF by noadfear from Noadfear (http://noahdfear.net/downloads/FindAWF.exe) or Geeks to Go (http://noahdfear.geekstogo.com/FindAWF.exe).
Save it to your desktop.
Double click on FindAWF.exe to run it. Press any key to continue, followed by pressing the number 1 and pressing Enter.
A report will be produced once it's done. Please post this report as well as a new HijackThis log in your next reply.
Note: Do not select other options until you are told to do so.
Step 2
Open HijackThis.
Click on the Open the Misc Tools section button.
Look under System tools.
Click on the Open Uninstall Manager... button.
Click on the Save list... button.
It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
Notepad will open. Please post this log in your next reply.
In your next reply, please post:
FindAWF report
A new HijackThis log
The Uninstall list
FindAWF report
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Thu 11/15/2007
The current time is: 18:46:16.07
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\APOINT\BAK
10/07/2005 01:13 PM 176,128 Apoint.exe
1 File(s) 176,128 bytes
Directory of C:\PROGRA~1\DELLSU~1\BAK
08/28/2006 09:57 PM 395,776 DSAgnt.exe
1 File(s) 395,776 bytes
Directory of C:\PROGRA~1\ITUNES\BAK
03/14/2007 06:05 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes
Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\NETWAI~1\BAK
09/10/2003 02:24 AM 20,480 NETWAITING.EXE
1 File(s) 20,480 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
02/16/2007 09:54 AM 282,624 QTTASK.EXE
1 File(s) 282,624 bytes
Directory of C:\PROGRA~1\SYMANT~1\BAK
05/27/2006 03:40 AM 124,656 VPTray.exe
1 File(s) 124,656 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
03/24/2006 07:14 PM 53,408 ccApp.exe
1 File(s) 53,408 bytes
Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
12/09/2005 08:29 PM 49,152 DVDLauncher.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\DELL\QUICKSET\BAK
06/29/2006 12:13 PM 1,032,192 QUICKSET.EXE
1 File(s) 1,032,192 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
03/21/2007 02:36 AM 227,328 GoogleDesktop.exe
1 File(s) 227,328 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
10/12/2007 01:03 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~3\BAK
01/01/2007 04:22 PM 3,739,648 googletalk.exe
1 File(s) 3,739,648 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
09/23/2005 11:08 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\VEOHNE~1\VEOH\BAK
10/17/2007 12:29 AM 3,313,664 VeohClient.exe
1 File(s) 3,313,664 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK
05/11/2007 02:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes
Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
04/03/2007 10:50 PM 185,896 realsched.exe
1 File(s) 185,896 bytes
Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK
10/18/2006 05:58 PM 696,320 ifrmewrk.exe
10/18/2006 06:04 PM 802,816 ZCfgSvc.exe
2 File(s) 1,499,136 bytes
Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK
11/10/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes
Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK
03/09/2007 10:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes
Directory of C:\PROGRA~1\WAVESY~1\SERVIC~1\DOCMGR\BIN\BAK
09/08/2006 08:32 AM 102,400 docmgr.exe
1 File(s) 102,400 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
176128 Oct 7 2005 "C:\Program Files\Apoint\Apoint.exe"
176128 Oct 7 2005 "C:\drivers\mouse\onboard\Apoint.exe"
176128 Oct 7 2005 "C:\Program Files\Apoint\bak\Apoint.exe"
395776 Aug 28 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
267064 Sep 26 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 18 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116288 Mar 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
116024 Sep 26 2007 "C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
20480 Sep 10 2003 "C:\Program Files\NetWaiting\bak\NETWAITING.EXE"
286720 Jun 29 2007 "C:\Program Files\QuickTime\QTTask.exe"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\QTTASK.EXE"
124656 May 27 2006 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
124656 May 27 2006 "C:\Documents and Settings\rem777\Local Settings\Temp\{56D29DBC-5EB7-4181-9C01-FEC11C4EA866}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
125632 Dec 20 2006 "C:\Documents and Settings\rem777\Local Settings\Temp\{82AA8569-36EE-457D-B7E2-1BF27A1D90FB}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
125632 Dec 20 2006 "C:\Documents and Settings\rem777\Local Settings\Temp\{9096C398-1D43-4B4C-9232-C3032C4EB3AE}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
125632 Dec 20 2006 "C:\Documents and Settings\rem777\Local Settings\Temp\{CDCA5BBA-8D13-476E-8D22-FE00538F4EE8}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
125632 Dec 20 2006 "C:\Documents and Settings\rem777\Local Settings\Temp\{EE96DE16-63DF-477D-B463-69177247D18E}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
53408 Mar 24 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
53408 Mar 24 2006 "C:\Documents and Settings\rem777\Local Settings\Temp\{56D29DBC-5EB7-4181-9C01-FEC11C4EA866}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
52840 Nov 21 2006 "C:\Documents and Settings\rem777\Local Settings\Temp\{82AA8569-36EE-457D-B7E2-1BF27A1D90FB}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
52840 Nov 21 2006 "C:\Documents and Settings\rem777\Local Settings\Temp\{9096C398-1D43-4B4C-9232-C3032C4EB3AE}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
52840 Nov 21 2006 "C:\Documents and Settings\rem777\Local Settings\Temp\{CDCA5BBA-8D13-476E-8D22-FE00538F4EE8}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
52840 Nov 21 2006 "C:\Documents and Settings\rem777\Local Settings\Temp\{EE96DE16-63DF-477D-B463-69177247D18E}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
49152 Dec 9 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe1192760350"
49152 Dec 9 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
1032192 Jun 29 2006 "C:\Program Files\Dell\QuickSet\bak\QUICKSET.EXE"
52272 Nov 4 2007 "C:\Program Files\Google\googletoolbar1user.exe"
2027320 Jan 26 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
1145896 Oct 15 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138680 Oct 12 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
227328 Mar 21 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Oct 12 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterRestartManager.exe"
1606064 Nov 4 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8ZQPUXYD\googletalk-setup[1].exe"
52272 Nov 4 2007 "C:\Program Files\Google\googletoolbar1user.exe"
2027320 Jan 26 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
1145896 Oct 15 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138680 Oct 12 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
227328 Mar 21 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Oct 12 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterRestartManager.exe"
1606064 Nov 4 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8ZQPUXYD\googletalk-setup[1].exe"
52272 Nov 4 2007 "C:\Program Files\Google\googletoolbar1user.exe"
2027320 Jan 26 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
1145896 Oct 15 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138680 Oct 12 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
227328 Mar 21 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Oct 12 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterRestartManager.exe"
1606064 Nov 4 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8ZQPUXYD\googletalk-setup[1].exe"
49152 Sep 23 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
3313664 Oct 17 2007 "C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
185632 Oct 15 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe1192760359"
185896 Apr 3 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
696320 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe"
696320 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
802816 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"
102400 Sep 8 2006 "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\bak\docmgr.exe"
102400 Sep 8 2006 "C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Document Manager Lite\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe"
end of report
The new HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:07 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\rem777\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://netreg.service.emory.edu/CAT/CNICAT.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Unknown owner - C:\WINDOWS\system32\WebUpdateSvc4.exe (file missing)
--
End of file - 6573 bytes
The Uninstall List will be posted in the next reply due to space constraints.
The Uninstall list
Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adobe® Photoshop® Album Starter Edition 3.2
AIM 6
Apple Mobile Device Support
Apple Software Update
Broadcom Gigabit Integrated Controller
Conexant HDA D110 MDC V.92 Modem
Dell Resource CD
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HouseCall 6.6
Intel(R) PROSet/Wireless Software
iTunes
Java(TM) 6 Update 3
LiveUpdate 3.1 (Symantec Corporation)
mCore
mDriver
Microsoft .NET Framework 2.0
Microsoft Office Standard Edition 2003
mMHouse
Mozilla Firefox (2.0.0.9)
mPfMgr
mProSafe
MSN
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
Novell iPrint Client v04.28.00
NVIDIA Drivers
OZ776 SCR CardBus Windows Driver
PowerDVD 5.7
QuickTime
RealPlayer
Rhapsody Player Engine
Securexam Student
Securexam Student
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
SigmaTel Audio
Symantec AntiVirus
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Web Update Wizard (Redistributable) 4.0
Windows Defender
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
ndmmxiaomayi
2007-11-16, 18:45
Hi rem777. :)
Please open FindAWF again. This time, press the number 2 and pressing Enter.
Notepad will open. Please copy and paste the following in the Code box into this Notepad file. Make sure that it's after the line, not before.
"C:\Program Files\Dell Support\bak\DSAgnt.exe"
"C:\Program Files\NetWaiting\bak\NETWAITING.EXE"
"C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
"C:\Program Files\Dell\QuickSet\bak\QUICKSET.EXE"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Apoint\bak\Apoint.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\QTTASK.EXE"
"C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
"C:\Program Files\Google\Google Talk\bak\googletalk.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\bak\docmgr.exe"
Click on File > Save. Do not choose the Save As... option.
FindAWF will now start removing the bad files. When done, a log will be produced. Do not close this log file.
Next, press the number 4. Once done, the tool will return to the main menu.
Press E and press Enter to close FindAWF.
Please post the FindAWF log file and a new HijackThis log in your next reply.
FindAWF report
Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully
The current date is: Fri 11/16/2007
The current time is: 12:52:33.46
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\APOINT\BAK
10/07/2005 01:13 PM 176,128 Apoint.exe
1 File(s) 176,128 bytes
Directory of C:\PROGRA~1\DELLSU~1\BAK
08/28/2006 09:57 PM 395,776 DSAgnt.exe
1 File(s) 395,776 bytes
Directory of C:\PROGRA~1\ITUNES\BAK
03/14/2007 06:05 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes
Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\NETWAI~1\BAK
09/10/2003 02:24 AM 20,480 NETWAITING.EXE
1 File(s) 20,480 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
02/16/2007 09:54 AM 282,624 QTTASK.EXE
1 File(s) 282,624 bytes
Directory of C:\PROGRA~1\SYMANT~1\BAK
05/27/2006 03:40 AM 124,656 VPTray.exe
1 File(s) 124,656 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
03/24/2006 07:14 PM 53,408 ccApp.exe
1 File(s) 53,408 bytes
Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
12/09/2005 08:29 PM 49,152 DVDLauncher.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\DELL\QUICKSET\BAK
06/29/2006 12:13 PM 1,032,192 QUICKSET.EXE
1 File(s) 1,032,192 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK
03/21/2007 02:36 AM 227,328 GoogleDesktop.exe
1 File(s) 227,328 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK
10/12/2007 01:03 AM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes
Directory of C:\PROGRA~1\GOOGLE\GOOGLE~3\BAK
01/01/2007 04:22 PM 3,739,648 googletalk.exe
1 File(s) 3,739,648 bytes
Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK
09/23/2005 11:08 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes
Directory of C:\PROGRA~1\VEOHNE~1\VEOH\BAK
10/17/2007 12:29 AM 3,313,664 VeohClient.exe
1 File(s) 3,313,664 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK
05/11/2007 02:06 AM 40,048 Reader_sl.exe
1 File(s) 40,048 bytes
Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
04/03/2007 10:50 PM 185,896 realsched.exe
1 File(s) 185,896 bytes
Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK
10/18/2006 05:58 PM 696,320 ifrmewrk.exe
10/18/2006 06:04 PM 802,816 ZCfgSvc.exe
2 File(s) 1,499,136 bytes
Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK
11/10/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes
Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.2\APPS\BAK
03/09/2007 10:09 AM 63,712 apdproxy.exe
1 File(s) 63,712 bytes
Directory of C:\PROGRA~1\WAVESY~1\SERVIC~1\DOCMGR\BIN\BAK
09/08/2006 08:32 AM 102,400 docmgr.exe
1 File(s) 102,400 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
176128 Oct 7 2005 "C:\Program Files\Apoint\Apoint.exe"
176128 Oct 7 2005 "C:\drivers\mouse\onboard\Apoint.exe"
176128 Oct 7 2005 "C:\Program Files\Apoint\bak\Apoint.exe"
395776 Aug 28 2006 "C:\Program Files\Dell Support\DSAgnt.exe"
395776 Aug 28 2006 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Oct 18 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116288 Mar 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
116024 Sep 26 2007 "C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
20480 Sep 10 2003 "C:\Program Files\NetWaiting\NETWAITING.EXE"
20480 Sep 10 2003 "C:\Program Files\NetWaiting\bak\NETWAITING.EXE"
282624 Feb 16 2007 "C:\Program Files\QuickTime\QTTASK.EXE"
282624 Feb 16 2007 "C:\Program Files\QuickTime\bak\QTTASK.EXE"
125632 Dec 20 2006 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
124656 May 27 2006 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
124656 May 27 2006 "C:\Documents and Settings\Rem777\Local Settings\Temp\{56D29DBC-5EB7-4181-9C01-FEC11C4EA866}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
125632 Dec 20 2006 "C:\Documents and Settings\Rem777 \Local Settings\Temp\{2431B680-ED01-4623-8938-7C84C901B20A}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
125632 Dec 20 2006 "C:\Documents and Settings\Rem777\Local Settings\Temp\{82AA8569-36EE-457D-B7E2-1BF27A1D90FB}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
125632 Dec 20 2006 "C:\Documents and Settings\Rem777\Local Settings\Temp\{9096C398-1D43-4B4C-9232-C3032C4EB3AE}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
125632 Dec 20 2006 "C:\Documents and Settings\Rem777 \Local Settings\Temp\{CDCA5BBA-8D13-476E-8D22-FE00538F4EE8}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
125632 Dec 20 2006 "C:\Documents and Settings\Rem777 \Local Settings\Temp\{EE96DE16-63DF-477D-B463-69177247D18E}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
125632 Dec 20 2006 "C:\Documents and Settings\Rem777 \Local Settings\Temp\{FFF248F5-DC20-4D2C-93B6-C62FAB40341B}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\program files\Symantec AntiVirus\VPTray.exe"
52840 Nov 21 2006 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
53408 Mar 24 2006 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
53408 Mar 24 2006 "C:\Documents and Settings\Rem777\Local Settings\Temp\{56D29DBC-5EB7-4181-9C01-FEC11C4EA866}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
52840 Nov 21 2006 "C:\Documents and Settings\Rem777 \Local Settings\Temp\{2431B680-ED01-4623-8938-7C84C901B20A}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
52840 Nov 21 2006 "C:\Documents and Settings\Rem777 \Local Settings\Temp\{82AA8569-36EE-457D-B7E2-1BF27A1D90FB}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
52840 Nov 21 2006 "C:\Documents and Settings\Rem777 \Local Settings\Temp\{9096C398-1D43-4B4C-9232-C3032C4EB3AE}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
52840 Nov 21 2006 "C:\Documents and Settings\Rem777 \Local Settings\Temp\{CDCA5BBA-8D13-476E-8D22-FE00538F4EE8}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
52840 Nov 21 2006 "C:\Documents and Settings\Rem777 \Local Settings\Temp\{EE96DE16-63DF-477D-B463-69177247D18E}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
52840 Nov 21 2006 "C:\Documents and Settings\Rem777 \Local Settings\Temp\{FFF248F5-DC20-4D2C-93B6-C62FAB40341B}\{6AAC61FB-F9DA-4D5A-A943-B3058A8EF79A}\Redist\ccApp.exe"
49152 Dec 9 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe1192760350"
49152 Dec 9 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
1032192 Jun 29 2006 "C:\Program Files\Dell\QuickSet\QUICKSET.EXE"
1032192 Jun 29 2006 "C:\Program Files\Dell\QuickSet\bak\QUICKSET.EXE"
52272 Nov 4 2007 "C:\Program Files\Google\googletoolbar1user.exe"
2027320 Jan 26 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Oct 12 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
1145896 Oct 15 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138680 Oct 12 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
227328 Mar 21 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Oct 12 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterRestartManager.exe"
1606064 Nov 4 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8ZQPUXYD\googletalk-setup[1].exe"
52272 Nov 4 2007 "C:\Program Files\Google\googletoolbar1user.exe"
2027320 Jan 26 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Oct 12 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
1145896 Oct 15 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138680 Oct 12 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
227328 Mar 21 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Oct 12 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterRestartManager.exe"
1606064 Nov 4 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8ZQPUXYD\googletalk-setup[1].exe"
52272 Nov 4 2007 "C:\Program Files\Google\googletoolbar1user.exe"
2027320 Jan 26 2007 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
68856 Oct 12 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\googletalk.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\GoogleUpdater.exe"
1145896 Oct 15 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138680 Oct 12 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
227328 Mar 21 2007 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
68856 Oct 12 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
3739648 Jan 1 2007 "C:\Program Files\Google\Google Talk\bak\googletalk.exe"
126136 Oct 12 2007 "C:\Program Files\Google\Google Updater\2.2.969.23408\GoogleUpdaterRestartManager.exe"
1606064 Nov 4 2007 "C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8ZQPUXYD\googletalk-setup[1].exe"
49152 Sep 23 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 Sep 23 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
3313664 Oct 17 2007 "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"
3313664 Oct 17 2007 "C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
40048 May 11 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
185632 Oct 15 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe1192760359"
185896 Apr 3 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
696320 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
696320 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
802816 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe"
802816 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
63712 Mar 9 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe"
102400 Sep 8 2006 "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe"
102400 Sep 8 2006 "C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\bak\docmgr.exe"
102400 Sep 8 2006 "C:\Program Files\Dell\EMBASSY Trust Suite by Wave Systems\Embassy Trust Suite\Document Manager Lite\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe"
end of report
HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:00:49 PM, on 11/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Rem777 \Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://netreg.service.emory.edu/CAT/CNICAT.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Unknown owner - C:\WINDOWS\system32\WebUpdateSvc4.exe (file missing)
--
End of file - 7121 bytes
ndmmxiaomayi
2007-11-17, 06:39
Hi rem777. :)
Step 1
Right click here (http://www.mvps.org/winhelp2002/DelDomains.inf) and select Save Target As (or Save Link As in Firefox) and save it to your desktop.
Right click on DelDomains.inf and select Install. There will be no prompts; this is normal.
Step 2
Open My Computer.
Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Show hidden files and folders.
Uncheck (untick) Hide extensions of known file types.
Uncheck (untick) Hide protected operating system files (Recommended).
Click Yes when prompted.
Click OK.
Close My Computer.
Please delete these folders.
C:\Program Files\Apoint\bak
C:\Program Files\Dell Support\bak
C:\Program Files\iTunes\bak
C:\Program Files\NetWaiting\bak
C:\Program Files\QuickTime\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Dell\QuickSet\bak
C:\Program Files\Google\GoogleToolbarNotifier\bak
C:\Program Files\Google\Google Talk\bak
C:\Program Files\Google\Google Desktop Search\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Veoh Networks\Veoh\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\bak
C:\Program Files\Symantec AntiVirus\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Common Files\Symantec Shared\bak
Step 3
Double click on FindAWF.exe to run it. Press any key to continue, followed by pressing the number 1 and pressing Enter.
A report will be produced once it's done. Please post this report as well as a new HijackThis log in your next reply.
FindAWF Report
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Sat 11/17/2007
The current time is: 3:25:43.81
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\MESSEN~1\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
0 File(s) 0 bytes
Directory of C:\WINDOWS\SYSTEM32\DLA\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK
07/27/2004 04:50 PM 81,920 issch.exe
07/27/2004 04:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes
Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK
10/18/2006 05:58 PM 696,320 ifrmewrk.exe
10/18/2006 06:04 PM 802,816 ZCfgSvc.exe
2 File(s) 1,499,136 bytes
Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK
11/10/2005 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
696320 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
696320 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
802816 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe"
802816 Oct 18 2006 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
end of report
New HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:56 AM, on 11/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\iprntctl.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\rem777\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://netreg.service.emory.edu/CAT/CNICAT.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Unknown owner - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Unknown owner - C:\WINDOWS\system32\WebUpdateSvc4.exe (file missing)
--
End of file - 7221 bytes
ndmmxiaomayi
2007-11-17, 10:41
Hi rem777. :)
Step 1
Please delete these folders.
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Messenger\bak
C:\Windows\system32\bak
C:\Program Files\Intel\Wireless\Bin\bak
C:\Program Files\Java\jre1.5.0_06\bin\bak
Step 2
Please download AVG Anti-Spyware (http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe) and save it to your desktop.
Double click on avgas-setup-7.5.0.50.exe to install AVG Anti-Spyware. Install it in the default location.
Once installed, start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
In the main screen, you should see Your Computer's Security. Next to Resident Shield, click on Change state. It should now be Inactive.
Next to Automatic Updates, click on Change state. It should now be Inactive.
Next to Last Update, click on Update now. If your firewall prompts you, tell your firewall to allow it. Should you be unable to update it, download the updates from here (http://download.ewido.net/avgas-signatures-full-current.exe). Save it to your desktop. Double click to run the installation and the updates will be installed. Make sure AVG Anti-Spyware is closed during the installation.
Right-click the AVG Anti-Spyware icon near the clock and uncheck (untick) Start with Windows. Confirm by clicking Yes. Now click on the Scanner button at the top.
Select the Settings tab.
Under How to act?, click on Recommended actions and select Quarantine.
Under How to scan?, check (tick) all the boxes.
Under Possibly unwanted software:, check (tick) all the boxes.
Under Reports:, uncheck (untick) the Only if threats were found box and select Do not automatically generate report.
Under What to scan?, select Scan every file.Do not run a scan yet. You will run a scan later.
Step 3
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All.
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Step 4
Please print out or save this set of instructions as you will not have internet access during the fix.
Reboot into Safe Mode by following the instructions below:
When you see BIOS screen, start pressing F8.
A boot menu will appear shortly.
Using the up down arrows, select Safe Mode and press the Enter key.
Windows will now load.
Log in to your usual account.
Step 5
Start AVG Anti-Spyware by going to Start > All Programs > AVG Anti-Spyware 7.5 > AVG Anti-Spyware.
Click on the Scanner button at the top.
Select the Scan tab.
Click on Complete System Scan to start the scan.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the Save Scan Report button before you did hit the Apply all Actions button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.Restart your computer in Normal Mode.
In your next reply, please post:
AVG Antispyware scan report
A new HijackThis log
This topic has been archived due to inactivity.
As it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened.
If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.