
Freezing Up/trojans-- Hijack Log Included


  • This topic is locked
17 replies to this topic

#1 EscalatorKid

EscalatorKid

  • Members
  • 18 posts
  • Location:new york

Posted 07 October 2007 - 09:07 PM

I have been having a major problem that is described in this forum.

Essentially, my computer freezes up at the desktop every time I go to click on something. I did delete a bunch of programs yesterday, and I have run several anti-spy/malware hunters, virus programs, etc. in SafeMode as previously suggested.

Here is my Logfile. (in SafeMode, as I cannot use the computer in any other way).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:40 PM, on 2007-10-07
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Stephanie\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/70efdf/games/files...aploader_v6.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5223 bytes



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 09 October 2007 - 12:29 AM

Hello EscalatorKid,

Download FindAWF:
http://noahdfear.net/downloads/FindAWF.exe
Save the file to the Desktop
Double-click the FindAWF icon.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report, is produced that we need to look at.
Please post it in your reply.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - so if you need help, post your problem in the forum.

#3 EscalatorKid

EscalatorKid
  • Topic Starter

  • Members
  • 18 posts
  • Location:new york

Posted 09 October 2007 - 12:45 AM

Yes, here it is.

Thanks for the response!

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 2007-10-09
The current time is: 1:40:20.45


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM\BAK

2005-08-05 03:08 PM 67,160 aim.exe
1 File(s) 67,160 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

2005-05-15 04:04 AM 332,800 DSAgnt.exe
1 File(s) 332,800 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

2004-10-13 12:24 PM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\PICASA2\BAK

2006-03-15 07:07 PM 421,888 PicasaMediaDetector.exe
1 File(s) 421,888 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

2006-03-31 03:53 AM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\EHOME\BAK

2005-09-29 04:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

2004-08-10 07:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ALWILS~1\AVAST4\BAK

2007-01-15 01:28 PM 108,160 ashDisp.exe
1 File(s) 108,160 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

2005-08-05 11:05 PM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes

Directory of C:\PROGRA~1\COREL\CORELP~1\BAK

2005-11-16 08:08 PM 106,496 MediaDetect.exe
1 File(s) 106,496 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

2005-10-05 05:12 AM 94,208 DMXLauncher.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

2006-03-31 03:59 AM 169,472 GoogleDesktop.exe
1 File(s) 169,472 bytes

Directory of C:\PROGRA~1\INTEL\INTELM~1\BAK

2005-06-17 09:56 AM 139,264 iaanotif.exe
1 File(s) 139,264 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

2006-01-18 02:00 PM 8,192 mimboot.exe
2006-01-18 02:00 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\PLAXO\2510~1.21\BAK

2005-11-29 06:51 PM 179,784 PlaxoHelper.exe
1 File(s) 179,784 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

2006-03-31 03:53 AM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~1\BAK

2005-08-30 06:36 PM 823,362 pccguide.exe
1 File(s) 823,362 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

2005-09-08 07:20 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

2005-06-10 12:44 PM 81,920 issch.exe
2005-06-10 12:44 PM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

2007-09-13 08:46 PM 185,632 realsched.exe
1 File(s) 185,632 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

2005-11-10 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~1\TMAS_OE\BAK

2005-08-15 09:38 PM 20,553 TMAS_OEMon.exe
1 File(s) 20,553 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28172 Oct 5 2007 "C:\Program Files\AIM\aim.exe"
67160 Aug 5 2005 "C:\Program Files\AIM\bak\aim.exe"
332800 May 15 2005 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
516096 Mar 15 2006 "C:\Program Files\Picasa2\PicasaUpdate.exe"
421888 Mar 15 2006 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
655360 Mar 15 2006 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
4789792 Jul 24 2006 "C:\Documents and Settings\Stephanie\Desktop\Internet Shortcuts\picasa2-current.exe"
98304 Mar 31 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
59392 Aug 10 2004 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
79224 Sep 6 2007 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
108160 Jan 15 2007 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe"
344064 Aug 5 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
106496 Nov 16 2005 "C:\Program Files\Corel\Corel Photo Album 6\bak\MediaDetect.exe"
106496 Aug 31 2005 "C:\WINDOWS\Installer\$PatchCache$\Managed\8418B9A87DDDF844DBC65338683D3245\6.0.0\mediadetect.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
52272 Jan 25 2007 "C:\Program Files\Google\googletoolbar4user.exe"
1476152 Feb 22 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
69632 Aug 20 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
26694 Aug 22 2007 "C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
1145896 Sep 13 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Jan 25 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
169472 Mar 31 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
171448 Jan 25 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
139264 Jun 17 2005 "C:\Program Files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe"
8192 Jan 6 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
8192 Jan 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
110592 Jan 6 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
110592 Jan 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
179784 Nov 29 2005 "C:\Program Files\Plaxo\2.5.10.21\bak\PlaxoHelper.exe"
214296 Sep 13 2007 "C:\Program Files\Real\RealPlayer\realplay.exe"
26112 Mar 31 2006 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
823362 Aug 30 2005 "C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe"
122940 Sep 8 2005 "C:\Program Files\Roxio\DLA\install\dlactrlw.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
28172 Oct 5 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Sep 13 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
73801 Aug 15 2005 "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEImp.exe"
86089 Aug 15 2005 "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OL\TMAS_OLImp.exe"
20553 Aug 15 2005 "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe"


end of report

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 09 October 2007 - 08:40 AM

Hi EscalatorKid,

Looks like you have a nasty AWF infection.


Please double-click the FindAWF icon once again

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 2 then Enter to restore files from bak folders

A text file opens called: files.txt
Click below the line and paste the following list of files to be restored:


"C:\Program Files\AIM\bak\aim.exe"
"C:\Program Files\Dell Support\bak\DSAgnt.exe"
"C:\Program Files\Messenger\bak\msmsgs.exe"
"C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\ehome\bak\ehtray.exe"
"C:\WINDOWS\system32\bak\ctfmon.exe"
"C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe"
"C:\Program Files\Corel\Corel Photo Album 6\bak\MediaDetect.exe"
"C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
"C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
"C:\Program Files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
"C:\Program Files\Plaxo\2.5.10.21\bak\PlaxoHelper.exe"
"C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
"C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe"
"C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
"C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe"


Next, close and click Yes to save the changes.

Once files.txt is saved, FindAWF does the following:
-It attempts to terminate the process represented by each filename on the list, if running
-Deletes the rogue file from the parent folder, if present
-Copies the original file to the parent folder

When done with the above, it automatically runs a new scan and opens a new log.
Please provide the new FindAWF log in your reply.

Edited by SifuMike, 09 October 2007 - 08:40 AM.

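The three-step restore that option 2 performs is easier to follow if you first read the report's "Duplicate files of bak directory contents" section and work out, for each file in a bak folder, what the tool will find at the original location. The Python script below is an added example written for this page; it is not part of FindAWF or noahdfear's code. The sample report text is a constructed subset of the first report posted in this thread, the function and state names are my own, and the three states are my reading of the steps listed above rather than anything the tool itself prints.

```python
import re
from collections import Counter

# Constructed sample: a subset of the duplicate-files section from the first
# FindAWF report in this thread (before option 2 was run).
SAMPLE_REPORT = """\
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

28172 Oct 5 2007 "C:\\Program Files\\AIM\\aim.exe"
67160 Aug 5 2005 "C:\\Program Files\\AIM\\bak\\aim.exe"
1694208 Oct 13 2004 "C:\\Program Files\\Messenger\\bak\\msmsgs.exe"
1694208 Oct 13 2004 "C:\\WINDOWS\\$hf_mig$\\KB887472\\SP2QFE\\msmsgs.exe"
15360 Aug 10 2004 "C:\\WINDOWS\\system32\\ctfmon.exe"
15360 Aug 10 2004 "C:\\WINDOWS\\system32\\bak\\ctfmon.exe"
28172 Oct 5 2007 "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"
185632 Sep 13 2007 "C:\\Program Files\\Common Files\\Real\\Update_OB\\bak\\realsched.exe"


end of report
"""

# One report line: <size> <Mon D YYYY> "<path>"
LINE_RE = re.compile(r'^(\d+)\s+([A-Z][a-z]{2} \d{1,2} \d{4})\s+"(.+)"$')


def parse_duplicates(report_text):
    """Return [(size, date, path), ...] from the 'Duplicate files' section."""
    entries, in_section = [], False
    for raw in report_text.splitlines():
        line = raw.strip()
        if line.startswith("Duplicate files of bak directory contents"):
            in_section = True
        elif line == "end of report":
            break
        elif in_section:
            m = LINE_RE.match(line)
            if m:
                entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def split_bak_path(path):
    """For 'X\\bak\\name.exe' return the original location 'X\\name.exe'; else None."""
    parts = path.rsplit("\\", 2)
    if len(parts) == 3 and parts[1].lower() == "bak":
        return parts[0] + "\\" + parts[2]
    return None


def restore_plan(report_text):
    """
    Map each original path to the state the option-2 restore would meet there
    (state names are assumptions made for this example):
      'rogue_present'    same-named file exists but differs from the bak copy:
                         terminate if running, delete it, copy the original back
      'original_missing' nothing listed at the original path: copy original back
      'restored'         original and bak copies match: bak folder can be removed
    """
    entries = parse_duplicates(report_text)
    by_path = {path.lower(): (size, date) for size, date, path in entries}
    plan = {}
    for size, date, path in entries:
        original = split_bak_path(path)
        if original is None:
            continue
        twin = by_path.get(original.lower())
        if twin is None:
            state = "original_missing"
        elif twin == (size, date):
            state = "restored"
        else:
            state = "rogue_present"
        plan[original] = state
    return plan


def rogue_fingerprints(report_text):
    """Count (size, date) of files in the rogue_present state; the same pair
    across unrelated programs is a hint they are copies of one dropped file."""
    entries = parse_duplicates(report_text)
    by_path = {path.lower(): (size, date) for size, date, path in entries}
    plan = restore_plan(report_text)
    return Counter(by_path[p.lower()] for p, s in plan.items() if s == "rogue_present")


if __name__ == "__main__":
    for original, state in restore_plan(SAMPLE_REPORT).items():
        print(f"{state:17} {original}")
    print("rogue size/date fingerprints:", dict(rogue_fingerprints(SAMPLE_REPORT)))
```

In the first report only two original-location files survive with a different size and date from their bak copy (aim.exe and realsched.exe, both 28172 bytes dated Oct 5 2007); most of the other originals have no entry at the parent path at all, which is why the report posted after option 2 shows every pair with matching sizes and dates.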

#5 EscalatorKid

EscalatorKid
  • Topic Starter

  • Members
  • 18 posts
  • Location:new york

Posted 09 October 2007 - 06:14 PM

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 2007-10-09
The current time is: 19:10:35.15


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\AIM\BAK

2005-08-05 03:08 PM 67,160 aim.exe
1 File(s) 67,160 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

2005-05-15 04:04 AM 332,800 DSAgnt.exe
1 File(s) 332,800 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

2004-10-13 12:24 PM 1,694,208 msmsgs.exe
1 File(s) 1,694,208 bytes

Directory of C:\PROGRA~1\PICASA2\BAK

2006-03-15 07:07 PM 421,888 PicasaMediaDetector.exe
1 File(s) 421,888 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

2006-03-31 03:53 AM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\EHOME\BAK

2005-09-29 04:01 PM 67,584 ehtray.exe
1 File(s) 67,584 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

2004-08-10 07:00 AM 15,360 ctfmon.exe
1 File(s) 15,360 bytes

Directory of C:\PROGRA~1\ALWILS~1\AVAST4\BAK

2007-01-15 01:28 PM 108,160 ashDisp.exe
1 File(s) 108,160 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

2005-08-05 11:05 PM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes

Directory of C:\PROGRA~1\COREL\CORELP~1\BAK

2005-11-16 08:08 PM 106,496 MediaDetect.exe
1 File(s) 106,496 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

2005-10-05 05:12 AM 94,208 DMXLauncher.exe
1 File(s) 94,208 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

2006-03-31 03:59 AM 169,472 GoogleDesktop.exe
1 File(s) 169,472 bytes

Directory of C:\PROGRA~1\INTEL\INTELM~1\BAK

2005-06-17 09:56 AM 139,264 iaanotif.exe
1 File(s) 139,264 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

2006-01-18 02:00 PM 8,192 mimboot.exe
2006-01-18 02:00 PM 110,592 mm_tray.exe
2 File(s) 118,784 bytes

Directory of C:\PROGRA~1\PLAXO\2510~1.21\BAK

2005-11-29 06:51 PM 179,784 PlaxoHelper.exe
1 File(s) 179,784 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

2006-03-31 03:53 AM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~1\BAK

2005-08-30 06:36 PM 823,362 pccguide.exe
1 File(s) 823,362 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

2005-09-08 07:20 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

2005-06-10 12:44 PM 81,920 issch.exe
2005-06-10 12:44 PM 249,856 isuspm.exe
2 File(s) 331,776 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

2007-09-13 08:46 PM 185,632 realsched.exe
1 File(s) 185,632 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

2005-11-10 01:03 PM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\TRENDM~1\INTERN~1\TMAS_OE\BAK

2005-08-15 09:38 PM 20,553 TMAS_OEMon.exe
1 File(s) 20,553 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

67160 Aug 5 2005 "C:\Program Files\AIM\aim.exe"
67160 Aug 5 2005 "C:\Program Files\AIM\bak\aim.exe"
332800 May 15 2005 "C:\Program Files\Dell Support\DSAgnt.exe"
332800 May 15 2005 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
516096 Mar 15 2006 "C:\Program Files\Picasa2\PicasaUpdate.exe"
421888 Mar 15 2006 "C:\Program Files\Picasa2\bak\PicasaMediaDetector.exe"
655360 Mar 15 2006 "C:\Program Files\Picasa2\cdautorun\PicasaRestore.exe"
4789792 Jul 24 2006 "C:\Documents and Settings\Stephanie\Desktop\Internet Shortcuts\picasa2-current.exe"
98304 Mar 31 2006 "C:\Program Files\QuickTime\qttask.exe"
98304 Mar 31 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
59392 Aug 10 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 Aug 5 2005 "C:\WINDOWS\$NtUninstallKB908246$\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\ehtray.exe"
67584 Sep 29 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 10 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
108160 Jan 15 2007 "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
108160 Jan 15 2007 "C:\Program Files\Alwil Software\Avast4\bak\ashDisp.exe"
344064 Aug 5 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
106496 Nov 16 2005 "C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe"
106496 Nov 16 2005 "C:\Program Files\Corel\Corel Photo Album 6\bak\MediaDetect.exe"
106496 Aug 31 2005 "C:\WINDOWS\Installer\$PatchCache$\Managed\8418B9A87DDDF844DBC65338683D3245\6.0.0\mediadetect.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
94208 Oct 5 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
52272 Jan 25 2007 "C:\Program Files\Google\googletoolbar4user.exe"
1476152 Feb 22 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe"
69632 Aug 20 2007 "C:\Program Files\Google\Google Earth\googleearth.exe"
26694 Aug 22 2007 "C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
1145896 Sep 13 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
138168 Jan 25 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
169472 Mar 31 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
171448 Jan 25 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
139264 Jun 17 2005 "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
139264 Jun 17 2005 "C:\Program Files\Intel\Intel Matrix Storage Manager\bak\iaanotif.exe"
8192 Jan 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe"
8192 Jan 6 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
8192 Jan 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
110592 Jan 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
110592 Jan 6 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
110592 Jan 18 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
179784 Nov 29 2005 "C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe"
179784 Nov 29 2005 "C:\Program Files\Plaxo\2.5.10.21\bak\PlaxoHelper.exe"
26112 Mar 31 2006 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Mar 31 2006 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
823362 Aug 30 2005 "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
823362 Aug 30 2005 "C:\Program Files\Trend Micro\Internet Security 12\bak\pccguide.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 Sep 8 2005 "C:\Program Files\Roxio\DLA\install\dlactrlw.exe"
122940 Sep 8 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe"
249856 Jun 10 2005 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\isuspm.exe"
185632 Sep 13 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Sep 13 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
36975 Nov 10 2005 "C:\Program Files\Java\jre1.5.0_06\bin\bak\jusched.exe"
73801 Aug 15 2005 "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEImp.exe"
86089 Aug 15 2005 "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OL\TMAS_OLImp.exe"
20553 Aug 15 2005 "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak\TMAS_OEMon.exe"


end of report

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 09 October 2007 - 06:50 PM

Hi EscalatorKid,

Would you have any ideas where you picked up whataboutadog? :thumbsup:

Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\AIM\bak
C:\Program Files\Dell Support\bak
C:\Program Files\Messenger\bak
C:\Program Files\Picasa2\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\ehome\bak
C:\WINDOWS\system32\bak
C:\Program Files\Alwil Software\Avast4\bak
C:\Program Files\Corel\Corel Photo Album 6\bak
C:\Program Files\Dell\Media Experience\bak
C:\Program Files\Google\Google Desktop Search\bak
C:\Program Files\Intel\Intel Matrix Storage Manager\bak
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak
C:\Program Files\Plaxo\2.5.10.21\bak
C:\Program Files\Real\RealPlayer\bak
C:\Program Files\Trend Micro\Internet Security 12\bak
C:\WINDOWS\system32\DLA\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Java\jre1.5.0_06\bin\bak
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\bak


Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply.

#7 EscalatorKid

EscalatorKid
  • Topic Starter

  • Members
  • 18 posts
  • Location:new york

Posted 09 October 2007 - 07:31 PM

I'm not sure where it came from... if I knew, I certainly would avoid that site because this is so annoying. This isn't the usual stuff that I've fixed before.

Here's the new log:

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 2007-10-09
The current time is: 20:29:43.57


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

2005-08-05 11:05 PM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

344064 Aug 5 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"


end of report

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 09 October 2007 - 07:42 PM

Hi

This AWF is a pain in the tush to remove. :thumbsup:



Please double-click the FindAWF icon once again
This time we are going to remove some folders.

If a Security Alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 3 then Enter to remove bak folders

A text file opens called: folders.txt
Click below the line and paste the following list of folders to be removed:

C:\Program Files\ATI Technologies\ATI Control Panel\bak

Next, close and click Yes to save the changes.

When done with the above, FindAWF automatically runs a new scan and opens a new log that you need to post.
Please provide the new FindAWF log in your reply.

#9 EscalatorKid

EscalatorKid
  • Topic Starter

  • Members
  • 18 posts
  • Location:new york

Posted 09 October 2007 - 07:54 PM

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 2007-10-09
The current time is: 20:53:39.51


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report

#10 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 09 October 2007 - 08:55 PM

Hi EscalatorKid,

Great. :thumbsup:

To finish, run Option 4.

Double-click the FindAWF icon once again.
Use the following option: Press 4 then Enter to reset domain zones


When the program returns to the main menu, use the following option:
Press E then Enter to EXIT

#11 EscalatorKid

EscalatorKid
  • Topic Starter

  • Members
  • 18 posts
  • Location:new york

Posted 09 October 2007 - 09:41 PM

Thanks...

It helped at first (it's nice to know that junk is gone), but I'm still having my original problem when I restart in regular mode. I can open one IE window, and if I try to open a second, it freezes up, and says, "not responding" when I try to shut it. CTRL-ALT-DEL doesn't work, and basically, more than one window of any program cannot be open at any one time.

I did notice that the dormant anti-virus program I had a year ago (that had quit working for whatever reason) is now working again, even though I'd replaced it with Avast.

I can't figure this problem out...

#12 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 09 October 2007 - 09:45 PM

Hi EscalatorKid,

Let's see a fresh HijackThis log. Sounds like you are running two antivirus programs.

#13 EscalatorKid

EscalatorKid
  • Topic Starter

  • Members
  • 18 posts
  • Location:new york

Posted 09 October 2007 - 09:49 PM

I want to get rid of PCCillin, since the subscription ran out a long time ago. It was pretty much dormant, and scans have failed for a while, and I could never figure out why. That's why I ended up with Avast, and until my fresh restart ten minutes ago, PCCillin hadn't worked for months.


I have to do this in SafeMode right now; I could try to get one when I'm started normally if you need it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:47:32 PM, on 2007-10-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Stephanie\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/70efdf/games/files...aploader_v6.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 5185 bytes

#14 SifuMike
    malware expert
  • Members
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 09 October 2007 - 10:27 PM

I need to see the HijackThis log run from Normal Mode. Safe Mode does not show all the processes.

Also, let's look in a different place for signs.

Open HijackThis 2.0.2
Press the button 'View Misc Tools Section'
Press the button 'open uninstall manager'
Press the button 'save list'
A notepad file will open.
Post the content here in your reply.
Close HijackThis.
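As an added illustration of the two checks SifuMike is applying in the posts above (this is example code, not part of the thread and not HijackThis's own code): a small Python parser that reads HijackThis-style log text, lists the antivirus vendors that have registered O23 services (two or more is the "two antivirus programs" conflict), and reports which processes appear only in the Normal-mode log and not in the Safe-mode one. The log excerpts are constructed from the logs posted in this thread, and the vendor-keyword table is an assumption that covers only the two products seen here.

```python
"""Two checks on HijackThis logs: more than one antivirus product registered as
a service (O23 lines), and processes visible only in a Normal-mode log."""
import re

# An O23 line in a HijackThis 2.0.2 log looks like:
# O23 - Service: <display name> (<short name>) - <company> - <path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")

# Assumed, illustrative map of company-name fragments to antivirus products.
# It covers only the two products in this thread; a real check needs a longer table.
AV_VENDOR_KEYWORDS = {
    "alwil": "avast!",
    "trend micro": "Trend Micro PC-cillin",
}


def parse_hjt_log(text):
    """Extract boot mode, the 'Running processes' block and O23 service entries."""
    boot_mode = None
    processes = []
    services = []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Boot mode:"):
            boot_mode = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            if line:
                processes.append(line)
            else:
                in_processes = False  # the process block ends at the first blank line
        else:
            m = O23_RE.match(line)
            if m:
                services.append(m.groupdict())
    return {"boot_mode": boot_mode, "processes": processes, "services": services}


def antivirus_products(parsed):
    """Antivirus products that own a registered service; two or more is a conflict."""
    found = set()
    for svc in parsed["services"]:
        company = svc["company"].lower()
        for keyword, product in AV_VENDOR_KEYWORDS.items():
            if keyword in company:
                found.add(product)
    return sorted(found)


def processes_only_in_normal(normal, safe):
    """Processes in the Normal-mode log that the Safe-mode log did not show."""
    seen_in_safe = {p.lower() for p in safe["processes"]}
    return sorted(p for p in normal["processes"] if p.lower() not in seen_in_safe)


# Constructed excerpts modelled on the two logs posted in this thread.
SAFE_MODE_LOG = r"""
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
"""

NORMAL_MODE_LOG = r"""
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
"""


if __name__ == "__main__":
    safe = parse_hjt_log(SAFE_MODE_LOG)
    normal = parse_hjt_log(NORMAL_MODE_LOG)
    print("AV products with registered services:", antivirus_products(normal))
    print("Processes only visible in Normal mode:")
    for p in processes_only_in_normal(normal, safe):
        print("  ", p)
```

The O23 lines are the better place to look for a second antivirus product than the process list: a service stays registered whether or not its process happens to be running, which is how a "dormant" product can come back to life after a restart. The process diff shows why the Normal-mode log was asked for: the Trend Micro real-time scanner, firewall and tray guard are all absent from the Safe-mode run.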

#15 EscalatorKid
  • Topic Starter
  • Members
  • 18 posts
  • Location:new york

Posted 09 October 2007 - 10:39 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:23 PM, on 2007-10-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WallpaperToy\Wallpapertoy.Exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Stephanie\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://i.grab.com/media/70efdf/games/files...aploader_v6.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

--
End of file - 6457 bytes



Misc List:
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
avast! Antivirus
Blasterball 2
Caesar IV
CCleaner (remove only)
CEP - Color Enable Package
Conexant D850 56K V.9x DFVc Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support 3.1
Digital Content Portal
Digital Line Detect
DivX Codec
DivX Converter
EducateU
ELIcon
ESPNMotion
Flickr Uploadr 2.3
Flock (Photobucket Edition) 0.7
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Intel® Quick Resume Technology Drivers
Intel® Quick Resume Technology Drivers
Intel® Viiv™
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
Learn2 Player (Uninstall Only)
Linksys Wireless-G USB Network Adapter
Media Library Management Wizard
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Basic Edition 2003
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Helper
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (1.5.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MySQL Connector/ODBC 3.51
NetWaiting
Otto
Personal License Update Wizard for Windows Media Player
Photo Pos Pro
Picasa 2
Plaxo Toolbar for Outlook and Outlook Express
Plus! MP3 Audio Converter LE
QuickTime
RCT3 Soaked
RealPlayer
Rhapsody Player Engine
RollerCoaster Tycoon® 3
Roxio DLA
Roxio Express Labeler
Roxio MyDVD Plus
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
SimPE 0.56 (alpha)
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SoulSeek Client 156c
SUPERAntiSpyware Free Edition
The Sims 2
The Sims 2 Pets
The Sims 2 University
Trend Micro PC-cillin Internet Security 12
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Virtools 3D Life Player
Wallpaper Changer for Windows XP
WebCyberCoach 3.2 Dell
WildTangent Web Driver
Windows Media Bonus Pack for Windows XP
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Creativity Fun Packs - Windows XP Power Toys
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890927
Windows XP Media Center Edition 2005 KB908246
Windows XP Video Screensaver Powertoy
WinRAR archiver



