
88.80.7.66, A.doginhispen, & Bskitodayplease Infections



#1 Sofocused

Posted 09 March 2008 - 02:52 PM

Please help me! I have Windows XP. :thumbsup:


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Sun 03/09/2008
The current time is: 14:31:59.81


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

12/11/2007 01:10 PM 267,048 iTunesHelper.exe
1 File(s) 267,048 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

12/11/2007 11:56 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:56 AM 15,360 ctfmon.exe
10/19/2005 08:59 AM 126,976 hkcmd.exe
10/19/2005 08:59 AM 155,648 igfxtray.exe
3 File(s) 297,984 bytes

Directory of C:\PROGRA~1\BROADJ~1\CLIENT~1\BAK

09/10/2002 09:26 PM 368,706 CFD.exe
1 File(s) 368,706 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

12/02/2003 05:11 PM 54,296 ccApp.exe
12/02/2003 05:11 PM 58,392 ccRegVfy.exe
2 File(s) 112,688 bytes

Directory of C:\PROGRA~1\MICROS~2\SYSTEM\BAK

06/18/2003 12:00 PM 200,704 mnyexpr.exe
1 File(s) 200,704 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

01/19/2006 12:06 PM 110,592 mm_tray.exe
1 File(s) 110,592 bytes

Directory of C:\PROGRA~1\NORTON~1\ADVTOOLS\BAK

01/30/2008 09:56 PM 14,348 ADVCHK.EXE
1 File(s) 14,348 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

01/30/2008 09:56 PM 14,348 tfswctrl.exe
1 File(s) 14,348 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

11/06/2007 09:26 PM 185,632 realsched.exe
1 File(s) 185,632 bytes

Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

08/19/2003 02:01 AM 110,592 sgtray.exe
1 File(s) 110,592 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

03/11/2003 03:08 AM 172,032 hpztsb08.exe
1 File(s) 172,032 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Feb 19 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
267048 Dec 11 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 1 2008 "C:\WINDOWS\Installer\{80FD852F-5AAC-4129-B931-06AAFFA43138}\iTunesIco.exe"
75048 Mar 1 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.1.9\iTunesSetupAdmin.exe"
385024 Feb 1 2008 "C:\Program Files\QuickTime\QTTask.exe"
286720 Dec 11 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 Feb 26 2008 "C:\WINDOWS\system32\hkcmd.exe"
126976 Oct 19 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
118784 Oct 2 2003 "C:\DELL\drivers\R70267\Graphics\Win2000\hkcmd.exe"
118784 Oct 2 2003 "C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\hkcmd.exe"
14348 Feb 26 2008 "C:\WINDOWS\system32\igfxtray.exe"
155648 Oct 19 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Oct 2 2003 "C:\DELL\drivers\R70267\Graphics\Win2000\igfxtray.exe"
155648 Oct 2 2003 "C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\igfxtray.exe"
14348 Feb 26 2008 "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
368706 Sep 10 2002 "C:\Program Files\BroadJump\Client Foundation\bak\CFD.exe"
14348 Feb 26 2008 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
54296 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
14348 Feb 26 2008 "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
58392 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe"
14348 Feb 26 2008 "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
200704 Jun 18 2003 "C:\Program Files\Microsoft Money\System\bak\mnyexpr.exe"
14348 Feb 26 2008 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
110592 Jan 19 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
110592 Feb 26 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
14348 Feb 26 2008 "C:\Program Files\Norton AntiVirus\AdvTools\ADVCHK.EXE"
14348 Jan 30 2008 "C:\Program Files\Norton AntiVirus\AdvTools\bak\ADVCHK.EXE"
14348 Feb 26 2008 "C:\WINDOWS\system32\dla\tfswctrl.exe"
114741 Aug 6 2003 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
14348 Jan 30 2008 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
14348 Feb 26 2008 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185632 Nov 6 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
14348 Feb 26 2008 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
110592 Aug 19 2003 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
14348 Feb 26 2008 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe"
172032 Mar 11 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb08.exe"


end of report


#2 Starbuck

  • Malware Response Team

Posted 09 March 2008 - 03:15 PM

Hi Sofocused
That's not a very well-known infection... How did you know you had it?
The transferring of the files back to normal is something that should really be dealt with in the HJT room.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.

Read the Preparation Guide before posting a HijackThis Log.
Please read and follow all directions carefully.

Run a log, and post it in the HijackThis Logs and Analysis forum.

Do not post it in this topic.
Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response from the HJT Team because they are very busy. Please be patient, as these people are volunteers. They will help you as soon as possible.

NOTE:
Once you have made the post, please DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out and will not respond. So just make your post and let it sit there until a team member responds. This way you will be taken care of in the most timely manner.


If you haven't heard back from them in 5 days, go to this topic, Haven't Had A Reply In Five Days?, and carefully follow all directions.
