Hi kliao93,
As I mentioned, these legitimate files have been modified by the malware but are now harmless; however, it looks like your antivirus program is detecting them, so you won't be able to use them as-is and reinstallation will be required.
I have posted instructions below to quarantine the files in question, which I recommend you follow. This should stop your antivirus complaining, but the functions provided by the programs will also stop. The most important ones I can see on the list are your Veritas backup software and tfswctrl.exe - this helps your CD/DVD drive work correctly.
Download OTMoveIt to your desktop and double-click the program to start it.
Select the contents of the below file list, then press Ctrl+C to copy it to the clipboard.
In OTMoveIt, click in the left-hand pane and press Ctrl+V to paste the file-list into the program.
Then, press MoveIt!
If the program asks you to reboot now, click No.
Copy the Results output and paste it into a new notepad file so you can post it in your next response. Do this by clicking in the right-hand pane, press Ctrl-A then Ctrl-C to select all and copy. Then open Notepad, press Ctrl-V to paste in the text, and save this text file to your desktop.
OTMoveIt file list:
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Then reboot your computer to complete the removals.
"Something is trying to access the internet but I do not know if it is a virus. Oh, and it's not in your list."
Does Norton tell you the name of the process which is trying to gain access?
Once complete, please post the OTMoveIt report along with a new HijackThis log.