Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

BAK folders

Post by sined » March 7th, 2008, 6:14 am

Hello,

I noticed that there is an increasing number of bak folders with executables inside which are removed from the place where they should be. This obviously prevents the related applications from being run and therefore I should copy back the executable. I tried to run ADAware with no success.
The HJT log follows.

Thanks for your help,

Sined

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:59, on 07/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\acstp\icserv.exe
C:\WINDOWS\system32\acstp\wake_up.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$GCPM\Binn\sqlservr.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Secway\SimpPro\SimpPro.exe
C:\Program Files\ISS\Proventia Desktop\blackice.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://portal.accenture.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyehnl.nl.intra.net:8080
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: ATLToolbar - {EE4A54D0-BAB4-11DB-9367-000FFE3C65F7} - C:\Program Files\Accenture\AccentureToolbar\ATLToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SimpPro\SimpPro.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Proventia Desktop Agent.lnk = ?
O4 - Global Startup: whitelist.lnk = C:\Program Files\Microsoft Office\whitelist.vbs
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com/
O15 - Trusted Zone: *.accenture.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://aulavirtuale.metid.polimi.it/Sit ... aterAx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accent ... rvices.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\Software\..\Telephony: DomainName = accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = accenture.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: IgniteService - Ignite Technologies - C:\Program Files\Accenture Connection\9341989\Program\IgniteService.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe

--
End of file - 14261 bytes
sined
Regular Member
 
Posts: 31
Joined: August 12th, 2006, 1:12 pm

Re: BAK folders

Post by ndmmxiaomayi » March 7th, 2008, 7:47 am

Hi,

Welcome to Malware Removal.

I'm going over your log now and will reply to you in a while.

Thank you for your patience.
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BAK folders

Post by ndmmxiaomayi » March 7th, 2008, 1:05 pm

Hi again,

Step 1

Please download FindAWF by noahdfear from Noahdfear or Geeks to Go.

Save it to your desktop.

Double click on FindAWF.exe to run it. Press any key to continue, followed by pressing the number 1 and pressing Enter.

A report will be produced once it's done. Please post this report as well as a new HijackThis log in your next reply.

Note: Do not select other options until you are told to do so.

Step 2

  1. Please download and install CCleaner Slim.
  2. Once installed, double click on the desktop shortcut created.
  3. On the leftmost column, click on Tools.
  4. On the middle column, click on Uninstall.
  5. At the bottom right hand corner, click on the Save to text file... button.
  6. By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
  7. Close CCleaner.

Note: Doing this will not uninstall any programs. It will only produce a log of installed programs on your computer.

In your next reply, please post:

  1. FindAWF report
  2. A new HijackThis log
  3. CCleaner install.txt file
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BAK folders

Post by sined » March 10th, 2008, 12:33 pm

Hello,

Here are the logs.

Thanks for your help,

Sined

AWF:

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 10/03/2008
The current time is: 17:16:21.07


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ICQ6\BAK

19/12/2007 15:48 172,280 ICQ.exe
1 File(s) 172,280 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

28/06/2007 08:14 270,648 iTunesHelper.exe
1 File(s) 270,648 bytes

Directory of C:\PROGRA~1\MICROS~4\BAK

13/11/2006 12:39 1,289,000 wcescomm.exe
1 File(s) 1,289,000 bytes

Directory of C:\PROGRA~1\MOUSED~1\BAK

27/06/2004 13:54 503,808 MouseDrv.exe
1 File(s) 503,808 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/05/2007 08:45 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

04/02/2002 21:32 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

27/05/2006 14:06 85,744 VPTray.exe
1 File(s) 85,744 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

16/01/2006 21:01 53,248 AccelerometerSt.exe
04/08/2004 09:00 15,360 ctfmon.exe
06/06/2006 08:06 77,824 hkcmd.exe
06/06/2006 08:10 118,784 igfxpers.exe
06/06/2006 08:09 94,208 igfxtray.exe
5 File(s) 359,424 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

20/05/2005 08:11 925,696 smax4pnp.exe
1 File(s) 925,696 bytes


****************************************************************

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:32:06, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\acstp\icserv.exe
C:\WINDOWS\system32\acstp\wake_up.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$GCPM\Binn\sqlservr.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\Secway\SimpPro\SimpPro.exe
C:\Program Files\ISS\Proventia Desktop\blackice.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://portal.accenture.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyehnl.nl.intra.net:8080
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: ATLToolbar - {EE4A54D0-BAB4-11DB-9367-000FFE3C65F7} - C:\Program Files\Accenture\AccentureToolbar\ATLToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SimpPro\SimpPro.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Proventia Desktop Agent.lnk = ?
O4 - Global Startup: whitelist.lnk = C:\Program Files\Microsoft Office\whitelist.vbs
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com/
O15 - Trusted Zone: *.accenture.com
O15 - Trusted Zone: *.whataboutadog.com
O15 - Trusted Zone: *.whataboutarabit.com
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://aulavirtuale.metid.polimi.it/Sit ... aterAx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accent ... rvices.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\Software\..\Telephony: DomainName = accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = accenture.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: IgniteService - Ignite Technologies - C:\Program Files\Accenture Connection\9341989\Program\IgniteService.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe

--
End of file - 14411 bytes


**********************************************


CCLEANER:


µTorrent
Accenture CA Root Certificates
Accenture Connection
Accenture Delivery Estimating Models
Accenture's Financial Strategy v3.1
AccentureToolbar
AceMoney Lite
Ad-Aware 2007
ADM for Custom Development
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
Adobe SVG Viewer 3.0
Agere Systems HDA Modem
Artes France FE Patch v7.4
Artes France FE v7.3 (39 hours)
Artes France FE v7.3 (40 hours)
AVIcodec (remove only)
Babelgum 0.9.0.2552
Broadcom NetXtreme Ethernet Controller
CASE Studio 2 ver. 2.18
CCleaner (remove only)
Centra Client
Cisco IP SoftPhone
Cisco TSP
Compatibility Pack for the 2007 Office system
Critical Elements of Our Financial Statements v3.01
DivX Codec
DivX Player
DivX Web Player
Fingerprint Sensor Minimum Install
fring
FUJIFILM USB Driver
Garmin POI Loader
Garmin WebUpdater
GCPM Tool 10.0
Google Toolbar for Internet Explorer
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB885222)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896243)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB926239)
HP Credential Manager for ProtectTools
HP Embedded Security for ProtectTools
HP Mobile Data Protection System
HP ProtectTools Security Manager 2.00 C3
HP Quick Launch Buttons 6.00 D2
HP Smart Card Security for ProtectTools 5.00 D4
ICQ6
Installer Service
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
InterVideo DVD Check
InterVideo WinDVD
iPassConnect
iTunes
J2SE Runtime Environment 5.0 Update 1
Java(TM) SE Development Kit 6 Update 1
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.1.0 Full
LiveUpdate 3.0 (Symantec Corporation)
Lotus Notes
Macromedia Shockwave Player
Map Button (Windows Live Toolbar)
mCore
mDrWiFi
mHelp
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Dutch User Interface Pack
Microsoft Office 2003 French User Interface Pack
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Office Word 2003 Redaction Add-in
Microsoft Organization Chart 2.0
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (GCPM) (GCPM) (GCPM)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XML Parser
mIWA
mLogView
mMHouse
Mouse Driver
Mozilla Firefox (2.0.0.4)
mPfMgr
mPfWiz
mProSafe
MS Powerpoint Template
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB927977)
mWlsSafe
mXML
mZConfig
Nortel Networks Contivity VPN Client
Opportunity Management Offline
PDFCreator
People Directory Offline
PoiEdit
Pointsec for PC
QuickTime
RealPlayer Intranet
Remove Hidden Data Tool
Revenue and Cost Calculator
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SimpPro 2.2
Skype 3.1
Skype Plugin Manager
Smart Menus (Windows Live Toolbar)
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Spybot - Search & Destroy 1.4
Symantec AntiVirus
Symantec Ghost Standard Tools
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Accenture Way To Negotiate v1.0
Time Zone Data Update Tool for Microsoft Office Outlook
TIPCI
Understanding US GAAP and Supporting Internal Controls v3.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB907265)
Update for Windows XP (KB908521)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VAIOSoft Recovery Manager
Vodafone Mobile Connect
WebFldrs XP
Windows Driver Package - Intel (NETw3x32) net (07/26/2006 10.5.1.59)
Windows Driver Package - Intel (w29n51) net (06/26/2006 9.0.4.17)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 9 Series
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows Support Tools
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886199
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890951
Windows XP Hotfix - KB891781
WinPcap 4.0
WinRAR archiver
WinZip
Wireshark 0.99.5
XML Notepad 2007
Yahoo! Messenger
sined
Regular Member
 
Posts: 31
Joined: August 12th, 2006, 1:12 pm

Re: BAK folders

Post by ndmmxiaomayi » March 10th, 2008, 2:11 pm

Hi,

The FindAWF report you've posted is incomplete. Please re-run FindAWF Option 1 and post back the FindAWF report.

Thanks. :)
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BAK folders

Post by sined » March 11th, 2008, 5:34 am

Sorry!

Here it is.

Thanks, Sined



Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 11/03/2008
The current time is: 10:23:29.23


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ICQ6\BAK

19/12/2007 15:48 172,280 ICQ.exe
1 File(s) 172,280 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

28/06/2007 08:14 270,648 iTunesHelper.exe
1 File(s) 270,648 bytes

Directory of C:\PROGRA~1\MICROS~4\BAK

13/11/2006 12:39 1,289,000 wcescomm.exe
1 File(s) 1,289,000 bytes

Directory of C:\PROGRA~1\MOUSED~1\BAK

27/06/2004 13:54 503,808 MouseDrv.exe
1 File(s) 503,808 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/05/2007 08:45 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

04/02/2002 21:32 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

27/05/2006 14:06 85,744 VPTray.exe
1 File(s) 85,744 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

16/01/2006 21:01 53,248 AccelerometerSt.exe
04/08/2004 09:00 15,360 ctfmon.exe
06/06/2006 08:06 77,824 hkcmd.exe
06/06/2006 08:10 118,784 igfxpers.exe
06/06/2006 08:09 94,208 igfxtray.exe
5 File(s) 359,424 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

20/05/2005 08:11 925,696 smax4pnp.exe
1 File(s) 925,696 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

06/05/2005 13:06 716,800 Smax4.exe
1 File(s) 716,800 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

21/12/2005 10:33 48,800 ccApp.exe
1 File(s) 48,800 bytes

Directory of C:\PROGRA~1\HPQ\DEFAUL~1\BAK

22/02/2006 07:03 40,960 cpqset.exe
1 File(s) 40,960 bytes

Directory of C:\PROGRA~1\HPQ\HPPROT~1\BAK

14/02/2006 10:56 122,880 PTHOSTTR.EXE
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\INTERV~1\DVDCHE~1\BAK

31/03/2006 12:58 184,320 DVDCheck.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\POINTSEC\POINTS~1\BAK

06/02/2007 11:48 941,424 P95Tray.exe
1 File(s) 941,424 bytes

Directory of C:\PROGRA~1\SECWAY\SIMPPRO\BAK

02/10/2006 17:22 2,158,592 SimpPro.exe
1 File(s) 2,158,592 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

31/03/2006 14:01 761,946 SynTPEnh.exe
1 File(s) 761,946 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

27/03/2007 14:22 4,670,968 YAHOOM~1.EXE
1 File(s) 4,670,968 bytes

Directory of C:\PROGRA~1\ACCENT~1\9341989\PROGRAM\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 19:51 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

11/09/2006 03:40 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

19/08/2003 00:01 110,592 sgtray.exe
1 File(s) 110,592 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

02/07/2006 20:50 700,416 ifrmewrk.exe
03/07/2006 00:07 802,816 ZCfgSvc.exe
2 File(s) 1,503,232 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

14/03/2007 02:43 83,608 jusched.exe
1 File(s) 83,608 bytes

Directory of C:\PROGRA~1\VODAFONE\VODAFO~1\BIN\BAK

26/03/2007 21:10 3,076,096 MobileConnect.EXE
1 File(s) 3,076,096 bytes

Directory of D:\DOCUME~1\DENIS~1.BIL\MYDOCU~1\PROJECTS\05H3G~1\OTA\PAFTES~1\BAK

0 File(s) 0 bytes

Directory of D:\DOCUME~1\DENIS~1.BIL\MYDOCU~1\TRAINING\BEA\WEBLOGIC\HELLOW~1\BAK

0 File(s) 0 bytes

Directory of D:\DOCUME~1\DENIS~1.BIL\MYDOCU~1\TRAINING\BEA\WEBLOGIC\SIMPLE~1\BAK

0 File(s) 0 bytes

Directory of D:\DOCUME~1\DENIS~1.BIL\MYDOCU~1\PROJECTS\05H3G~1\MOF\EXAMPLE\MOCKTEST\BAK

0 File(s) 0 bytes

Directory of D:\DOCUME~1\DENIS~1.BIL\MYDOCU~1\PROJECTS\05H3G~1\M-SITE\DMR\DEV\PROVEW~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

172280 19 Dec 2007 "C:\Program Files\ICQ6\ICQ.exe"
172280 19 Dec 2007 "C:\Program Files\ICQ6\bak\ICQ.exe"
270648 28 Jun 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 29 Jun 2007 "C:\WINDOWS\Installer\{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}\iTunesIco.exe"
116024 28 Jun 2007 "D:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.0.54\iTunesSetupAdmin.exe"
1289000 13 Nov 2006 "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
1289000 13 Nov 2006 "C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
503808 27 Jun 2004 "C:\Program Files\Mouse Driver\bak\MouseDrv.exe"
282624 1 May 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
53248 4 Feb 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
85744 27 May 2006 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
85744 27 May 2006 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
53248 16 Jan 2006 "C:\WINDOWS\system32\bak\AccelerometerSt.exe"
53248 16 Jan 2006 "C:\Program Files\Hewlett-Packard\HP Mobile Data Protection\Winsys32\accelerometerST.exe"
15360 4 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 4 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 6 Jun 2006 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hkcmd.exe"
77824 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\hkcmd.exe"
118784 6 Jun 2006 "C:\WINDOWS\system32\bak\igfxpers.exe"
118784 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxpers.exe"
118784 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\igfxpers.exe"
94208 6 Jun 2006 "C:\WINDOWS\system32\bak\igfxtray.exe"
94208 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxtray.exe"
94208 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\igfxtray.exe"
925696 20 May 2005 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
716800 6 May 2005 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
48800 21 Dec 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
48800 21 Dec 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
40960 22 Feb 2006 "C:\Program Files\HPQ\Default Settings\bak\cpqset.exe"
122880 14 Feb 2006 "C:\Program Files\HPQ\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE"
184320 31 Mar 2006 "C:\Program Files\InterVideo\DVD Check\bak\DVDCheck.exe"
941424 6 Feb 2007 "C:\Program Files\Pointsec\Pointsec for PC\bak\P95Tray.exe"
2347008 25 Oct 2007 "C:\Program Files\Secway\SimpPro\SimpPro.exe"
2158592 2 Oct 2006 "C:\Program Files\Secway\SimpPro\bak\SimpPro.exe"
761946 31 Mar 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761946 31 Mar 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
4670968 27 Mar 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
39792 10 Oct 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
218032 11 Sep 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
110592 19 Aug 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
700416 2 Jul 2006 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
802816 3 Jul 2006 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
36975 6 Dec 2004 "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
77824 14 Mar 2007 "C:\Program Files\Java\jdk1.6.0_01\jre\bin\jusched.exe"
83608 14 Mar 2007 "C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
32881 23 Feb 2004 "C:\Data\Backup\C_Root\bea8.1\jdk142_04\jre\bin\jusched.exe"
32881 16 Jun 2004 "C:\Data\Backup\C_Root\bea8.1\jrockit81sp3_142_04\jre\bin\jusched.exe"
32881 23 Feb 2004 "D:\data\Backup\C_Root\bea8.1\jdk142_04\jre\bin\jusched.exe"
32881 16 Jun 2004 "D:\data\Backup\C_Root\bea8.1\jrockit81sp3_142_04\jre\bin\jusched.exe"
3076096 26 Mar 2007 "C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE"
3076096 26 Mar 2007 "C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\bak\MobileConnect.EXE"
4136960 8 Dec 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileConnect\cb4197406595d92bd2026495282a4acd\MobileConnect.ni.exe"
24250969 30 Aug 2002 "D:\Documents and Settings\\My Documents\Training\Jbuilder\JBuilder7\Install\mobileset.exe"


end of report
sined
Regular Member
 
Posts: 31
Joined: August 12th, 2006, 1:12 pm

Re: BAK folders

Post by ndmmxiaomayi » March 11th, 2008, 8:38 am

Hi,

Before continuing, please do not use any P2P programs while we are still cleaning the computer. The use of such programs may bring in more infections.

A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info.

The risks of using a P2P program are stated in this Sourceforge website and Information Week article.

Please also read Malware Removal's Guide on P2P Programs.




Step 1

Please open FindAWF again. This time, press the number 2 and press Enter.

Notepad will open. Please copy and paste the following in the Code box into this Notepad file. Make sure that it's after the line, not before. Do not type it out to minimize the risk of typo error.

Code:
"C:\Program Files\ICQ6\bak\ICQ.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
"C:\Program Files\Mouse Driver\bak\MouseDrv.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
"C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
"C:\WINDOWS\system32\bak\AccelerometerSt.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
"C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\HPQ\Default Settings\bak\cpqset.exe"
"C:\Program Files\HPQ\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE"
"C:\Program Files\InterVideo\DVD Check\bak\DVDCheck.exe"
"C:\Program Files\Pointsec\Pointsec for PC\bak\P95Tray.exe"
"C:\Program Files\Secway\SimpPro\bak\SimpPro.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
"C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
"C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
"C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
"C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
"C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\bak\MobileConnect.EXE"


Click on File > Save. Do not choose the Save As... option.

FindAWF will now start removing the bad files. When done, a log will be produced. Do not close this log file.

Next, press the number 4. Once done, the tool will return to the main menu.

Press E and press Enter to close FindAWF.

Please post the FindAWF log file and a new HijackThis log in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
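
Added example (not part of the thread, and not FindAWF's own code): a Python check that reads the "Duplicate files of bak directory contents" section of a FindAWF report and reports, for each file in a bak folder, whether a copy sits in the folder one level up. It assumes that section lists every file sharing the name; the function names are hypothetical, and the sample lines are excerpted from the two FindAWF reports posted in this thread.

```python
import ntpath
import re

# One entry of the "Duplicate files of bak directory contents" section:
#   172280 19 Dec 2007 "C:\Program Files\ICQ6\ICQ.exe"
ENTRY = re.compile(r'^\s*(\d+)\s+\d{1,2}\s+[A-Za-z]{3}\s+\d{4}\s+"([^"]+)"\s*$')

# Excerpt of the report posted before FindAWF Option 2 was run.
BEFORE = r'''
172280 19 Dec 2007 "C:\Program Files\ICQ6\ICQ.exe"
172280 19 Dec 2007 "C:\Program Files\ICQ6\bak\ICQ.exe"
270648 28 Jun 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
2347008 25 Oct 2007 "C:\Program Files\Secway\SimpPro\SimpPro.exe"
2158592 2 Oct 2006 "C:\Program Files\Secway\SimpPro\bak\SimpPro.exe"
761946 31 Mar 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761946 31 Mar 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
'''

# Excerpt of the report posted after FindAWF Option 2 was run.
AFTER = r'''
270648 28 Jun 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
270648 28 Jun 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
2158592 2 Oct 2006 "C:\Program Files\Secway\SimpPro\SimpPro.exe"
2158592 2 Oct 2006 "C:\Program Files\Secway\SimpPro\bak\SimpPro.exe"
761946 31 Mar 2006 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
761946 31 Mar 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761946 31 Mar 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
'''


def parse_entries(text):
    """Return [(size, path)] for every well-formed entry line; skip the rest."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.append((int(match.group(1)), match.group(2)))
    return entries


def bak_status(text):
    """Map each file inside a bak folder to the state of its copy one folder up.

    "missing"        - no file of that name is listed in the parent folder
    "same size"      - the parent folder holds a file of identical size
    "different size" - the parent folder holds a file of another size
    """
    entries = parse_entries(text)
    # Windows paths are case-insensitive, so index them in normalised form.
    size_by_path = {ntpath.normcase(path): size for size, path in entries}

    status = {}
    for size, path in entries:
        folder, name = ntpath.split(path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # not a bak-folder file
        # A copy elsewhere (e.g. ...\Media\) does not count, only the parent.
        original = ntpath.join(ntpath.dirname(folder), name)
        found = size_by_path.get(ntpath.normcase(original))
        if found is None:
            status[path] = "missing"
        elif found == size:
            status[path] = "same size"
        else:
            status[path] = "different size"
    return status


def not_restored(text):
    """Bak-folder files whose parent folder lacks a same-size copy."""
    return sorted(p for p, s in bak_status(text).items() if s != "same size")


if __name__ == "__main__":
    for label, report in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for path, state in bak_status(report).items():
            print(f"  {state:<15} {path}")
```

A "different size" result means the file in the parent folder is not the same file as the one in bak, so check which version is wanted before one overwrites the other.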

Re: BAK folders

Post by sined » March 12th, 2008, 1:30 pm

Hello,

In the following you have the requested logs.

Thanks a lot,

Sined



Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 12/03/2008
The current time is: 18:23:45.39


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ICQ6\BAK

19/12/2007 15:48 172,280 ICQ.exe
1 File(s) 172,280 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

28/06/2007 08:14 270,648 iTunesHelper.exe
1 File(s) 270,648 bytes

Directory of C:\PROGRA~1\MICROS~4\BAK

13/11/2006 12:39 1,289,000 wcescomm.exe
1 File(s) 1,289,000 bytes

Directory of C:\PROGRA~1\MOUSED~1\BAK

27/06/2004 13:54 503,808 MouseDrv.exe
1 File(s) 503,808 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

01/05/2007 08:45 282,624 qttask.exe
1 File(s) 282,624 bytes

Directory of C:\PROGRA~1\REGSHAVE\BAK

04/02/2002 21:32 53,248 REGSHAVE.EXE
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\SYMANT~1\BAK

27/05/2006 14:06 85,744 VPTray.exe
1 File(s) 85,744 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

16/01/2006 21:01 53,248 AccelerometerSt.exe
04/08/2004 09:00 15,360 ctfmon.exe
06/06/2006 08:06 77,824 hkcmd.exe
06/06/2006 08:10 118,784 igfxpers.exe
06/06/2006 08:09 94,208 igfxtray.exe
5 File(s) 359,424 bytes

Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

20/05/2005 08:11 925,696 smax4pnp.exe
1 File(s) 925,696 bytes

Directory of C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

06/05/2005 13:06 716,800 Smax4.exe
1 File(s) 716,800 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

21/12/2005 10:33 48,800 ccApp.exe
1 File(s) 48,800 bytes

Directory of C:\PROGRA~1\HPQ\DEFAUL~1\BAK

22/02/2006 07:03 40,960 cpqset.exe
1 File(s) 40,960 bytes

Directory of C:\PROGRA~1\HPQ\HPPROT~1\BAK

14/02/2006 10:56 122,880 PTHOSTTR.EXE
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\INTERV~1\DVDCHE~1\BAK

31/03/2006 12:58 184,320 DVDCheck.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\POINTSEC\POINTS~1\BAK

06/02/2007 11:48 941,424 P95Tray.exe
1 File(s) 941,424 bytes

Directory of C:\PROGRA~1\SECWAY\SIMPPRO\BAK

02/10/2006 17:22 2,158,592 SimpPro.exe
1 File(s) 2,158,592 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

31/03/2006 14:01 761,946 SynTPEnh.exe
1 File(s) 761,946 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

27/03/2007 14:22 4,670,968 YAHOOM~1.EXE
1 File(s) 4,670,968 bytes

Directory of C:\PROGRA~1\ACCENT~1\9341989\PROGRAM\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 19:51 39,792 Reader_sl.exe
1 File(s) 39,792 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

11/09/2006 03:40 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

19/08/2003 00:01 110,592 sgtray.exe
1 File(s) 110,592 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

02/07/2006 20:50 700,416 ifrmewrk.exe
03/07/2006 00:07 802,816 ZCfgSvc.exe
2 File(s) 1,503,232 bytes

Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

14/03/2007 02:43 83,608 jusched.exe
1 File(s) 83,608 bytes

Directory of C:\PROGRA~1\VODAFONE\VODAFO~1\BIN\BAK

26/03/2007 21:10 3,076,096 MobileConnect.EXE
1 File(s) 3,076,096 bytes

Directory of D:\DOCUME~1\DENIS~1.BIL\MYDOCU~1\PROJECTS\05H3G~1\OTA\PAFTES~1\BAK

0 File(s) 0 bytes

Directory of D:\DOCUME~1\DENIS~1.BIL\MYDOCU~1\TRAINING\BEA\WEBLOGIC\HELLOW~1\BAK

0 File(s) 0 bytes

Directory of D:\DOCUME~1\DENIS~1.BIL\MYDOCU~1\TRAINING\BEA\WEBLOGIC\SIMPLE~1\BAK

0 File(s) 0 bytes

Directory of D:\DOCUME~1\DENIS~1.BIL\MYDOCU~1\PROJECTS\05H3G~1\MOF\EXAMPLE\MOCKTEST\BAK

0 File(s) 0 bytes

Directory of D:\DOCUME~1\DENIS~1.BIL\MYDOCU~1\PROJECTS\05H3G~1\M-SITE\DMR\DEV\PROVEW~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

172280 19 Dec 2007 "C:\Program Files\ICQ6\ICQ.exe"
172280 19 Dec 2007 "C:\Program Files\ICQ6\bak\ICQ.exe"
270648 28 Jun 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
270648 28 Jun 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 29 Jun 2007 "C:\WINDOWS\Installer\{85B90D8C-70F3-4E84-BD31-5E9489C0F9FB}\iTunesIco.exe"
116024 28 Jun 2007 "D:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.3.0.54\iTunesSetupAdmin.exe"
1289000 13 Nov 2006 "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
1289000 13 Nov 2006 "C:\Program Files\Microsoft ActiveSync\bak\wcescomm.exe"
503808 27 Jun 2004 "C:\Program Files\Mouse Driver\MouseDrv.exe"
503808 27 Jun 2004 "C:\Program Files\Mouse Driver\bak\MouseDrv.exe"
282624 1 May 2007 "C:\Program Files\QuickTime\qttask.exe"
282624 1 May 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
53248 4 Feb 2002 "C:\Program Files\REGSHAVE\REGSHAVE.EXE"
53248 4 Feb 2002 "C:\Program Files\REGSHAVE\bak\REGSHAVE.EXE"
85744 27 May 2006 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
85744 27 May 2006 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
53248 16 Jan 2006 "C:\WINDOWS\system32\AccelerometerSt.exe"
53248 16 Jan 2006 "C:\WINDOWS\system32\bak\AccelerometerSt.exe"
53248 16 Jan 2006 "C:\Program Files\Hewlett-Packard\HP Mobile Data Protection\Winsys32\accelerometerST.exe"
15360 4 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 4 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 6 Jun 2006 "C:\WINDOWS\system32\hkcmd.exe"
77824 6 Jun 2006 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\hkcmd.exe"
77824 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\hkcmd.exe"
118784 6 Jun 2006 "C:\WINDOWS\system32\igfxpers.exe"
118784 6 Jun 2006 "C:\WINDOWS\system32\bak\igfxpers.exe"
118784 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxpers.exe"
118784 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\igfxpers.exe"
94208 6 Jun 2006 "C:\WINDOWS\system32\igfxtray.exe"
94208 6 Jun 2006 "C:\WINDOWS\system32\bak\igfxtray.exe"
94208 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\igfxtray.exe"
94208 6 Jun 2006 "C:\WINDOWS\system32\ReinstallBackups\0017\DriverFiles\igfxtray.exe"
925696 20 May 2005 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
925696 20 May 2005 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
716800 6 May 2005 "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe"
716800 6 May 2005 "C:\Program Files\Analog Devices\SoundMAX\bak\Smax4.exe"
48800 21 Dec 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
48800 21 Dec 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
40960 22 Feb 2006 "C:\Program Files\HPQ\Default Settings\cpqset.exe"
40960 22 Feb 2006 "C:\Program Files\HPQ\Default Settings\bak\cpqset.exe"
122880 14 Feb 2006 "C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE"
122880 14 Feb 2006 "C:\Program Files\HPQ\HP ProtectTools Security Manager\bak\PTHOSTTR.EXE"
184320 31 Mar 2006 "C:\Program Files\InterVideo\DVD Check\DVDCheck.exe"
184320 31 Mar 2006 "C:\Program Files\InterVideo\DVD Check\bak\DVDCheck.exe"
941424 6 Feb 2007 "C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe"
941424 6 Feb 2007 "C:\Program Files\Pointsec\Pointsec for PC\bak\P95Tray.exe"
2158592 2 Oct 2006 "C:\Program Files\Secway\SimpPro\SimpPro.exe"
2158592 2 Oct 2006 "C:\Program Files\Secway\SimpPro\bak\SimpPro.exe"
761946 31 Mar 2006 "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
761946 31 Mar 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
761946 31 Mar 2006 "C:\Program Files\Synaptics\SynTP\Media\SynTPEnh.exe"
4670968 27 Mar 2007 "C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE"
4670968 27 Mar 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
39792 10 Oct 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 10 Oct 2007 "C:\Program Files\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
218032 11 Sep 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
218032 11 Sep 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
110592 19 Aug 2003 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
110592 19 Aug 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
700416 2 Jul 2006 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
700416 2 Jul 2006 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
802816 3 Jul 2006 "C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe"
802816 3 Jul 2006 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
36975 6 Dec 2004 "C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe"
83608 14 Mar 2007 "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
77824 14 Mar 2007 "C:\Program Files\Java\jdk1.6.0_01\jre\bin\jusched.exe"
83608 14 Mar 2007 "C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe"
32881 23 Feb 2004 "C:\Data\Backup\C_Root\bea8.1\jdk142_04\jre\bin\jusched.exe"
32881 16 Jun 2004 "C:\Data\Backup\C_Root\bea8.1\jrockit81sp3_142_04\jre\bin\jusched.exe"
32881 23 Feb 2004 "D:\data\Backup\C_Root\bea8.1\jdk142_04\jre\bin\jusched.exe"
32881 16 Jun 2004 "D:\data\Backup\C_Root\bea8.1\jrockit81sp3_142_04\jre\bin\jusched.exe"
3076096 26 Mar 2007 "C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE"
3076096 26 Mar 2007 "C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\bak\MobileConnect.EXE"
4136960 8 Dec 2007 "C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileConnect\cb4197406595d92bd2026495282a4acd\MobileConnect.ni.exe"
24250969 30 Aug 2002 "D:\Documents and Settings\\My Documents\Training\Jbuilder\JBuilder7\Install\mobileset.exe"


end of report


*****************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:48, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\acstp\icserv.exe
C:\WINDOWS\system32\acstp\wake_up.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$GCPM\Binn\sqlservr.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ISS\Proventia Desktop\blackice.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINPROJ.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://portal.accenture.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyehnl.nl.intra.net:8080
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: ATLToolbar - {EE4A54D0-BAB4-11DB-9367-000FFE3C65F7} - C:\Program Files\Accenture\AccentureToolbar\ATLToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SimpPro\SimpPro.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Proventia Desktop Agent.lnk = ?
O4 - Global Startup: whitelist.lnk = C:\Program Files\Microsoft Office\whitelist.vbs
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com/
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://aulavirtuale.metid.polimi.it/Sit ... aterAx.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accent ... rvices.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\Software\..\Telephony: DomainName = accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = accenture.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: IgniteService - Ignite Technologies - C:\Program Files\Accenture Connection\9341989\Program\IgniteService.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe

--
End of file - 14597 bytes
sined
Regular Member
 
Posts: 31
Joined: August 12th, 2006, 1:12 pm

Re: BAK folders

Post by ndmmxiaomayi » March 13th, 2008, 3:07 am

Hi,

Step 1

Please download OTMoveIt2.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt2.exe to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out to minimize the risk of typo error.

Code:
C:\Program Files\ICQ6\bak
C:\Program Files\iTunes\bak
C:\Program Files\Microsoft ActiveSync\bak
C:\Program Files\Mouse Driver\bak
C:\Program Files\QuickTime\bak
C:\Program Files\REGSHAVE\bak
C:\Program Files\Symantec AntiVirus\bak
C:\WINDOWS\system32\bak
C:\Program Files\Analog Devices\Core\bak
C:\Program Files\Analog Devices\SoundMAX\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\HPQ\Default Settings\bak
C:\Program Files\HPQ\HP ProtectTools Security Manager\bak
C:\Program Files\InterVideo\DVD Check\bak
C:\Program Files\Pointsec\Pointsec for PC\bak
C:\Program Files\Secway\SimpPro\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\Yahoo!\Messenger\bak
C:\Program Files\Adobe\Reader 8.0\Reader\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\Sonic\Update Manager\bak
C:\Program Files\Intel\Wireless\Bin\bak
C:\Program Files\Java\jre1.6.0_01\bin\bak
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\bak


Click on MoveIt! (2).

Click on Exit (3).

Please refer to this picture for using OTMoveIt.

Image

A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers.

Please copy and paste this log in your next reply.

Step 2

  1. Click on Start > All Programs > CCleaner > CCleaner.
  2. On the Windows tab, leave the default options alone.
  3. On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  4. Click on the Run Cleaner button at the bottom right hand corner.
  5. Close CCleaner.

Step 3

  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

In your next reply, please post:

  1. OTMoveIt2 log (C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers)
  2. Malwarebytes' Anti-Malware scan report
  3. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BAK folders

Post by sined » March 13th, 2008, 9:55 am

Here are the required logs.

Thanks,

Sined



C:\Program Files\ICQ6\bak moved successfully.
C:\Program Files\iTunes\bak moved successfully.
C:\Program Files\Microsoft ActiveSync\bak moved successfully.
C:\Program Files\Mouse Driver\bak moved successfully.
C:\Program Files\QuickTime\bak moved successfully.
C:\Program Files\REGSHAVE\bak moved successfully.
C:\Program Files\Symantec AntiVirus\bak moved successfully.
C:\WINDOWS\system32\bak moved successfully.
C:\Program Files\Analog Devices\Core\bak moved successfully.
C:\Program Files\Analog Devices\SoundMAX\bak moved successfully.
C:\Program Files\Common Files\Symantec Shared\bak moved successfully.
C:\Program Files\HPQ\Default Settings\bak moved successfully.
C:\Program Files\HPQ\HP ProtectTools Security Manager\bak moved successfully.
C:\Program Files\InterVideo\DVD Check\bak moved successfully.
C:\Program Files\Pointsec\Pointsec for PC\bak moved successfully.
C:\Program Files\Secway\SimpPro\bak moved successfully.
C:\Program Files\Synaptics\SynTP\bak moved successfully.
C:\Program Files\Yahoo!\Messenger\bak moved successfully.
C:\Program Files\Adobe\Reader 8.0\Reader\bak moved successfully.
C:\Program Files\Common Files\InstallShield\UpdateService\bak moved successfully.
C:\Program Files\Common Files\Sonic\Update Manager\bak moved successfully.
C:\Program Files\Intel\Wireless\Bin\bak moved successfully.
C:\Program Files\Java\jre1.6.0_01\bin\bak moved successfully.
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\bak moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03132008_121514



************************


Malwarebytes' Anti-Malware 1.08
Database version: 483

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 194051
Time elapsed: 1 hour(s), 32 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WinBudget (Adware.AdMedia) -> Quarantined and deleted successfully.
C:\Program Files\WinBudget\bin (Adware.AdMedia) -> Quarantined and deleted successfully.

Files Infected:
D:\Documents and Settings\\Desktop\adobe\PROGRESS.DLL (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsass.log (Heuristic.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


*******************************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:05, on 13/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\acstp\icserv.exe
C:\WINDOWS\system32\acstp\wake_up.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$GCPM\Binn\sqlservr.exe
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
C:\WINDOWS\system32\Prot_srv.exe
C:\WINDOWS\system32\pstartSr.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ProtectTools\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ISS\Proventia Desktop\blackice.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINPROJ.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\acstp\nrunner.exe
C:\WINDOWS\system32\acstp\e_mail.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://portal.accenture.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyehnl.nl.intra.net:8080
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: ATLToolbar - {EE4A54D0-BAB4-11DB-9367-000FFE3C65F7} - C:\Program Files\Accenture\AccentureToolbar\ATLToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Accenture Connection] "C:\Program Files\Accenture Connection\9341989\Program\Accenture Connection.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.EXE
O4 - HKCU\..\Run: [Simp] C:\PROGRA~1\Secway\SimpPro\SimpPro.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Proventia Desktop Agent.lnk = ?
O4 - Global Startup: whitelist.lnk = C:\Program Files\Microsoft Office\whitelist.vbs
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com/
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://aulavirtuale.metid.polimi.it/Sit ... aterAx.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {AA218328-0EA8-4D70-8972-E987A9190FF4} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {BF17C411-9ADA-4C73-B12C-BD814BDE187F} (ScheduleServices.CtlScheduleServices) - https://mylearning.accenture.com/accent ... rvices.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\Software\..\Telephony: DomainName = accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = accenture.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: IgniteService - Ignite Technologies - C:\Program Files\Accenture Connection\9341989\Program\IgniteService.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\ProtectTools\Embedded Security Software\PSDsrvc.EXE
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe

--
End of file - 14856 bytes
sined
Regular Member
 
Posts: 31
Joined: August 12th, 2006, 1:12 pm

Re: BAK folders

Post by ndmmxiaomayi » March 13th, 2008, 2:47 pm

Hi,

Please go to the Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  3. When the downloads have finished, click on Next button.
  4. Click on Scan Settings button.
  5. Select extended under Scan using the following antivirus database:
  6. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  7. Click OK
  8. Click on My Computer under Please select a target to scan:
  9. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  10. Copy and paste this log in your next reply.

In your next reply, please post:

  1. Kaspersky Antivirus scan report
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BAK folders

Post by sined » March 17th, 2008, 9:13 am

Hello,

It looks like it doesn't work:

"Update process failed. No further antivirus actions can be performed!"

"Attention. You must be online.....[21]"

Actually I was online.

Thanks, Sined
sined
Regular Member
 
Posts: 31
Joined: August 12th, 2006, 1:12 pm

Re: BAK folders

Post by ndmmxiaomayi » March 17th, 2008, 1:41 pm

Hi,

Please try this scanner instead.

Please go to the Eset website to perform an online scan. Please use Internet Explorer as it uses ActiveX.

  1. Check (tick) this box: YES, I accept the Terms of Use.
  2. Click on the Start button next to it.
  3. When prompted to run ActiveX, click Yes.
  4. You will be asked to install an ActiveX. Click Install.
  5. Once installed, the scanner will be initialized.
  6. After the scanner is initialized, click Start.
  7. Uncheck (untick) Remove found threats box.
  8. Check (tick) Scan unwanted applications.
  9. Click on Scan.
  10. It will start scanning. Please be patient.
  11. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

In your next reply, please post:

  1. Eset antivirus scan results
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: BAK folders

Post by sined » March 18th, 2008, 6:07 am

I don't know why, but this scanner doesn't work either:

"Error: Update failed (200)"

Thanks, Sined
sined
Regular Member
 
Posts: 31
Joined: August 12th, 2006, 1:12 pm

Re: BAK folders

Post by ndmmxiaomayi » March 18th, 2008, 11:11 am

Hi,

Let's see if this works.

Step 1

  1. Click on Start > All Programs > CCleaner > CCleaner.
  2. On the Windows tab, leave the default options alone.
  3. On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  4. Click on the Run Cleaner button at the bottom right hand corner.
  5. Close CCleaner.

Step 2

  1. Please download Sysclean Package by Trend Micro and save it to your desktop.
  2. Download the latest Virus Pattern Files by Trend Micro and save it to your desktop. It is named lptXXX, where XXX are numbers.
    Note: Do not download the Virus Pattern Files if you don't intend to do a scan. Only download it when you want to do a scan, as they are being updated daily.
  3. Create a new folder on your desktop.
    • Right click on your desktop.
    • Click on New > Folder.
    • Type in Trend Micro as the name of the folder.
  4. Select sysclean.com by clicking once. Press Ctrl + X simultaneously.
  5. Open the Trend Micro folder you created earlier. Press Ctrl + V to paste sysclean.com into the folder.
    • Right click and select Extract All.
    • Click on Browse. Navigate to the Trend Micro folder and click OK.
    • Click Next, then Finish.
  6. Close all opened windows except the Trend Micro folder.
  7. Double click on sysclean.com to run it.
  8. Uncheck (untick) Automatically Clean Infected Files box.
  9. Once the scanning is done, click Exit.
  10. A sysclean.log is created in the Trend Micro folder.
  11. Copy and paste that log in your next reply.

In your next reply, please post:

  1. Trend Micro sysclean scan report
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am