
Help ! Im Being Forwarded To Broadcaster.com


10 replies to this topic

#1 brute force (Members, 50 posts)

Posted 11 April 2007 - 11:22 AM

Thanks to all. Here is my HijackThis file.

Logfile of HijackThis v1.99.1
Scan saved at 1:07:08 AM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\notes\ntmulti.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\RMClient\PMCTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16521aa0-b454-45b0-ac32-880be5859d2e} - C:\WINDOWS\system32\Checthk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\ddaxyx.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.edulence.com
O15 - Trusted Zone: *.glic.com
O15 - Trusted Zone: w3.gliconline.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {21D817CE-B22E-11D2-B514-00C04F930B5E} (GuardianDownload.Download) - http://w3.gliconline.com/Common/Scripts/GuardianDownload.CAB
O16 - DPF: {2E764AF3-8311-11D2-B4EC-00C04F930B5E} (prjDownloadHelp.ctlDownloadHelp_2) - http://w3.gliconline.com/GuardianHelp/Scri...nloadHelp_2.CAB
O16 - DPF: {2F01ABF9-0799-11D2-B771-00C04F930B5E} (prjShowHelp_3.ctlShowHelp_3) - http://w3.gliconline.com/GuardianHelp/scri...lshowHelp_3.CAB
O16 - DPF: {3E755E01-BB38-11D4-B44C-00105A0D610A} (VbpCommonControls.ctlCommonControls) - http://w3.gliconline.com/Common/Cabs/ctlCommonControls.CAB
O16 - DPF: {8EB7A892-8135-11D1-842A-00A02495BC15} (AppLauncherCtrl2 Class) - http://w3.gliconline.com/scripts/AppLauncher2.cab
O16 - DPF: {9E4A8277-58D1-11D4-8E62-00C04F6F3010} (VbRuntime.RuntimeControls) - http://w3.gliconline.com/Common/Cabs/GDL_VbRuntime.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: Checthk - C:\WINDOWS\SYSTEM32\Checthk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - c:\notes\ntmulti.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


#2 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 11 April 2007 - 02:13 PM

Hello,

* Please download VundoFix.exe to your C:\.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • In case it says that nothing was found, right-click the list box (white box) in the main VundoFix window.
  • Select Add More Files? from the menu that comes up. This will open a new VundoFix window.
  • In the window, copy and paste the following into the first field: C:\WINDOWS\SYSTEM32\Checthk.dll
  • Click the Add Files button.
  • Click the "Close Window" button.
  • Click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O2 - BHO: (no name) - {16521aa0-b454-45b0-ac32-880be5859d2e} - C:\WINDOWS\system32\Checthk.dll
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\ddaxyx.dll",realset
O20 - AppInit_DLLs:
O20 - Winlogon Notify: Checthk - C:\WINDOWS\SYSTEM32\Checthk.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Please download the following file to your desktop:
http://noahdfear.geekstogo.com/FindAWF.exe

Run the file and copy and paste the output text here, together with a new HijackThis log and the contents of C:\vundofix.txt, in your next reply.
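A triage pass over the entries singled out in the post above, as an added example that is not part of the original thread and not code from HijackThis or VundoFix: a Python script that parses HijackThis O2, O4 and O20 lines and flags the same three patterns the helper picked out by hand: an unnamed BHO loaded from the Windows directory, a Run key that starts rundll32 on a DLL sitting in the Windows root, and one DLL registered under more than one hook class. The sample input is the relevant lines of the log posted in #1, kept verbatim; the heuristics (the directory tests, the "(no name)" test, the assumed C:\WINDOWS system root) are assumptions chosen to fit this log, not HijackThis's own rules, and a production version would add an allowlist keyed on CLSID.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: the O2/O4/O20 lines from the HijackThis log posted in #1,
# kept verbatim, with a few of the legitimate entries left in for contrast.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {16521aa0-b454-45b0-ac32-880be5859d2e} - C:\WINDOWS\system32\Checthk.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\ddaxyx.dll",realset
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - AppInit_DLLs:
O20 - Winlogon Notify: Checthk - C:\WINDOWS\SYSTEM32\Checthk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<sub>\S+) - (?P<path>.+)$")
# rundll32.exe "C:\path\x.dll",export   or   rundll32 C:\path\x.dll,export
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.IGNORECASE)

WINDOWS_DIR = r"c:\windows"  # assumption: %SystemRoot% as shown in the posted log


def norm(path):
    """Lower-case a Windows path so the same DLL compares equal across sections."""
    return str(PureWindowsPath(path.strip())).lower()


def parent(path):
    return str(PureWindowsPath(path).parent).lower()


def triage(log_text):
    """Return (section, dll_path, reason) tuples for entries worth a second look."""
    findings = []
    hooks = defaultdict(set)  # normalized DLL path -> hook classes it is registered under

    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            path = norm(m["path"])
            hooks[path].add("O2")
            # Heuristic: legitimate BHOs almost always carry a name and live under
            # Program Files; an unnamed one under %SystemRoot% is how Vundo registers.
            if m["name"] == "(no name)" and parent(path).startswith(WINDOWS_DIR):
                findings.append(("O2", path, "unnamed BHO loaded from the Windows directory"))
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m["cmd"].strip())
            if r:
                dll = norm(r["dll"])
                hooks[dll].add("O4")
                # Heuristic: a rundll32 autostart whose DLL sits directly in
                # C:\WINDOWS (not System32) under a throwaway name is a Vundo trait.
                if parent(dll) == WINDOWS_DIR:
                    findings.append(("O4", dll, f"rundll32 autostart of a DLL in the Windows root (export {r['export']})"))
            continue
        m = O20_RE.match(line)
        if m:
            hooks[norm(m["path"])].add("O20")

    # One DLL registered as both a BHO and a Winlogon Notify package is a strong
    # signal on its own: nothing benign needs to hook both IE and the logon process.
    for path, kinds in sorted(hooks.items()):
        if len(kinds) > 1:
            findings.append(("XREF", path, "same DLL registered under " + "+".join(sorted(kinds))))
    return findings


if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"{section:5} {path}  <- {reason}")
```

On this log the script produces three findings: Checthk.dll twice (unnamed BHO, and the BHO plus Winlogon Notify cross-reference) and ddaxyx.dll once. SDHelper.dll is also unnamed but lives under Program Files, so it is not flagged; that is the right answer here and also shows the limit of a path heuristic, which is why a CLSID allowlist belongs in anything beyond a one-off triage.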

#3 brute force (Topic Starter, Members, 50 posts)

Posted 11 April 2007 - 05:49 PM

Thanks very much.

Here are the files:

Logfile of HijackThis v1.99.1
Scan saved at 6:38:42 PM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\notes\ntmulti.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\RMClient\PMCTray.exe
C:\WINDOWS\system32\notepad.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O15 - Trusted Zone: *.edulence.com
O15 - Trusted Zone: *.glic.com
O15 - Trusted Zone: w3.gliconline.com
O15 - Trusted Zone: http://Download.Windowsupdate.com
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {21D817CE-B22E-11D2-B514-00C04F930B5E} (GuardianDownload.Download) - http://w3.gliconline.com/Common/Scripts/GuardianDownload.CAB
O16 - DPF: {2E764AF3-8311-11D2-B4EC-00C04F930B5E} (prjDownloadHelp.ctlDownloadHelp_2) - http://w3.gliconline.com/GuardianHelp/Scri...nloadHelp_2.CAB
O16 - DPF: {2F01ABF9-0799-11D2-B771-00C04F930B5E} (prjShowHelp_3.ctlShowHelp_3) - http://w3.gliconline.com/GuardianHelp/scri...lshowHelp_3.CAB
O16 - DPF: {3E755E01-BB38-11D4-B44C-00105A0D610A} (VbpCommonControls.ctlCommonControls) - http://w3.gliconline.com/Common/Cabs/ctlCommonControls.CAB
O16 - DPF: {8EB7A892-8135-11D1-842A-00A02495BC15} (AppLauncherCtrl2 Class) - http://w3.gliconline.com/scripts/AppLauncher2.cab
O16 - DPF: {9E4A8277-58D1-11D4-8E62-00C04F6F3010} (VbRuntime.RuntimeControls) - http://w3.gliconline.com/Common/Cabs/GDL_VbRuntime.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - c:\notes\ntmulti.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe




Find AWF report by noahdfear 2006


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\APOINT\BAK

09/13/2004 05:33 PM 155,648 Apoint.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

05/15/2005 03:04 AM 332,800 DSAgnt.exe
1 File(s) 332,800 bytes

Directory of C:\PROGRA~1\LOGMEIN\BAK

07/21/2006 01:15 PM 303,856 LogMeInSystray.exe
1 File(s) 303,856 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/19/2005 08:24 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\RMCLIENT\BAK

11/16/2001 10:23 PM 135,168 JobHisInit.exe
11/04/2000 10:09 PM 40,960 MplSetUp.exe
2 File(s) 176,128 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

10/26/2005 10:00 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 06:00 AM 15,360 ctfmon.exe
07/20/2005 12:06 AM 77,824 hkcmd.exe
08/20/2003 05:15 PM 483,328 hphmon05.exe
07/20/2005 12:10 AM 114,688 igfxpers.exe
07/20/2005 12:09 AM 94,208 igfxtray.exe
5 File(s) 785,408 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

10/05/2005 07:06 PM 48,752 ccApp.exe
1 File(s) 48,752 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/23/2005 05:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

04/11/2004 09:15 PM 290,816 PCMService.exe
1 File(s) 290,816 bytes

Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

03/04/2005 12:26 PM 606,208 quickset.exe
1 File(s) 606,208 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

12/06/2006 06:58 PM 120,320 GoogleDesktop.exe
1 File(s) 120,320 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

06/25/2003 12:24 PM 49,152 HPWuSchd.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

08/20/2003 05:23 PM 49,152 hphupd05.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

08/20/2003 03:57 PM 221,184 hpcmpmgr.exe
1 File(s) 221,184 bytes

Directory of C:\PROGRA~1\LOGMEIN\UPDATE\2-30-545.BAK

05/25/2006 04:01 PM 10,472 LMIinit.dll
05/25/2006 04:01 PM 23,016 LMImirr.dll
05/25/2006 04:01 PM 8,040 LMImirr.sys
05/25/2006 04:01 PM 9,576 LMImirr2.dll
05/25/2006 04:01 PM 13,032 LMIport.dll
05/25/2006 04:01 PM 14,056 LMIprinter.dll
05/25/2006 04:01 PM 11,336 LMIprinternt.dll
05/25/2006 04:01 PM 15,592 LMIprinterui.dll
05/25/2006 04:01 PM 15,592 LMIprinteruint.dll
05/25/2006 04:01 PM 25,832 LMIproc.dll
05/25/2006 04:01 PM 16,616 LMIprocnt.dll
05/25/2006 04:00 PM 1,618,672 LogMeIn.exe
05/25/2006 04:01 PM 303,856 LogMeInSystray.exe
05/25/2006 04:01 PM 234,224 openssl.exe
05/25/2006 04:01 PM 12,016 ra_reboot.exe
05/25/2006 04:01 PM 171,760 ra_sc.exe
05/25/2006 04:01 PM 533,232 raabout.exe
05/25/2006 12:31 PM 217,088 racodec.ax
05/25/2006 04:01 PM 9,448 radpms.sys
05/25/2006 04:01 PM 152,296 rahook.dll
05/25/2006 04:01 PM 11,496 rahook9x.dll
05/25/2006 04:01 PM 11,112 rainfo.sys
05/25/2006 04:01 PM 180,976 rainst.exe
05/25/2006 04:01 PM 62,192 ramaint.exe
05/25/2006 12:30 PM 57,344 rntfywnd.dll
05/25/2006 04:00 PM 2,594,912 template.rab
05/25/2006 04:01 PM 70,384 zip.exe
27 File(s) 6,404,168 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK

09/14/2004 09:50 AM 131,072 mm_tray.exe
09/14/2004 09:50 AM 53,248 mmtask.exe
2 File(s) 184,320 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

10/19/2005 08:24 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 02:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 05:50 PM 81,920 issch.exe
07/27/2004 05:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

03/06/2007 11:38 AM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\JAVA\J2RE14~1.2_0\BIN\BAK

11/19/2003 06:48 PM 32,881 jusched.exe
1 File(s) 32,881 bytes

Directory of C:\PROGRA~1\TIVOLI\LCF\BIN\W32-IX86\MRT\BAK

03/15/2001 05:52 PM 122,880 lcfep.exe
1 File(s) 122,880 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

07/25/2003 10:14 AM 188,416 hpztsb09.exe
1 File(s) 188,416 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

155648 Sep 13 2004 "C:\drivers\mouse\onboard\Apoint.exe"
155648 Sep 13 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
332800 May 15 2005 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
303856 Jul 21 2006 "C:\Program Files\LogMeIn\bak\LogMeInSystray.exe"
303856 Jul 21 2006 "C:\Program Files\LogMeIn\update\LogMeInSystray.exe"
303856 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LogMeInSystray.exe"
98304 Oct 19 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
135168 Nov 16 2001 "C:\Program Files\RMClient\bak\JobHisInit.exe"
40960 Nov 4 2000 "C:\Program Files\RMClient\bak\MplSetUp.exe"
100056 Oct 26 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Jul 20 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Jul 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
483328 Aug 20 2003 "C:\WINDOWS\system32\bak\hphmon05.exe"
114688 Jul 20 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Jul 20 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
48752 Oct 5 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
290816 Apr 11 2004 "C:\Program Files\Dell\Media Experience\bak\PCMService.exe"
606208 Mar 4 2005 "C:\Program Files\Dell\QuickSet\bak\quickset.exe"
746600 Nov 21 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
120320 Dec 6 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
171448 Mar 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
49152 Jun 25 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe"
49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe"
221184 Aug 20 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
11496 Jul 21 2006 "C:\Program Files\LogMeIn\LMIinit.dll"
11496 Jul 21 2006 "C:\WINDOWS\system32\LMIinit.dll"
10472 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIinit.dll"
23016 Jul 21 2006 "C:\Program Files\LogMeIn\LMImirr.dll"
23016 Jul 21 2006 "C:\WINDOWS\system32\LMImirr.dll"
23016 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMImirr.dll"
8040 Oct 4 2006 "C:\Program Files\LogMeIn\LMImirr.sys"
8040 Oct 4 2006 "C:\WINDOWS\system32\drivers\LMImirr.sys"
8040 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMImirr.sys"
9576 Jul 21 2006 "C:\Program Files\LogMeIn\LMImirr2.dll"
9576 Jul 21 2006 "C:\WINDOWS\system32\LMImirr2.dll"
9576 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMImirr2.dll"
13032 Jul 21 2006 "C:\Program Files\LogMeIn\LMIport.dll"
13032 May 25 2006 "C:\WINDOWS\system32\LMIport.dll"
13032 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIport.dll"
14056 Jul 21 2006 "C:\Program Files\LogMeIn\LMIprinter.dll"
14056 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIprinter.dll"
14056 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinter.dll"
14056 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinter.dll"
11336 Jul 21 2006 "C:\Program Files\LogMeIn\LMIprinternt.dll"
11336 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIprinternt.dll"
15592 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterui.dll"
15592 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterui.dll"
15592 Jul 21 2006 "C:\Program Files\LogMeIn\LMIprinterui.dll"
15592 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIprinterui.dll"
15592 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterdat.dll"
15592 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterdat.dll"
15592 Jul 21 2006 "C:\Program Files\LogMeIn\LMIprinteruint.dll"
15592 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIprinteruint.dll"
25832 Jul 21 2006 "C:\Program Files\LogMeIn\LMIproc.dll"
25832 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIproc.dll"
25832 Jul 21 2006 "C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll"
16616 Jul 21 2006 "C:\Program Files\LogMeIn\LMIprocnt.dll"
16616 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIprocnt.dll"
1618672 Jul 21 2006 "C:\Program Files\LogMeIn\LogMeIn.exe"
1618672 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LogMeIn.exe"
303856 Jul 21 2006 "C:\Program Files\LogMeIn\bak\LogMeInSystray.exe"
303856 Jul 21 2006 "C:\Program Files\LogMeIn\update\LogMeInSystray.exe"
303856 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LogMeInSystray.exe"
234224 Jul 21 2006 "C:\Program Files\LogMeIn\openssl.exe"
234224 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\openssl.exe"
533232 Jul 21 2006 "C:\Program Files\LogMeIn\raabout.exe"
533232 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\raabout.exe"
217088 Jul 21 2006 "C:\Program Files\LogMeIn\racodec.ax"
217088 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\racodec.ax"
9448 Jul 21 2006 "C:\Program Files\LogMeIn\radpms.sys"
9448 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\radpms.sys"
152296 Jul 21 2006 "C:\Program Files\LogMeIn\rahook.dll"
152296 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\rahook.dll"
11496 Jul 21 2006 "C:\Program Files\LogMeIn\rahook9x.dll"
11496 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\rahook9x.dll"
11112 Jul 21 2006 "C:\Program Files\LogMeIn\rainfo.sys"
11112 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\rainfo.sys"
180976 Jul 21 2006 "C:\Program Files\LogMeIn\rainst.exe"
180976 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\rainst.exe"
62192 Jul 21 2006 "C:\Program Files\LogMeIn\ramaint.exe"
62192 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\ramaint.exe"
12016 Jul 21 2006 "C:\Program Files\LogMeIn\ra_reboot.exe"
12016 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\ra_reboot.exe"
171760 Jul 21 2006 "C:\Program Files\LogMeIn\ra_sc.exe"
171760 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\ra_sc.exe"
57344 Jul 21 2006 "C:\Program Files\LogMeIn\rntfywnd.dll"
57344 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\rntfywnd.dll"
2595281 Jul 21 2006 "C:\Program Files\LogMeIn\template.rab"
2594912 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\template.rab"
70384 Jul 21 2006 "C:\Program Files\LogMeIn\zip.exe"
70384 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\zip.exe"
53248 Apr 9 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mmtask.exe"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe"
135168 Apr 9 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
131072 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
26112 Oct 19 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
746600 Nov 21 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
120320 Dec 6 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
171448 Mar 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
32881 Nov 19 2003 "C:\Program Files\Java\j2re1.4.2_03\bin\bak\jusched.exe"
122880 Mar 15 2001 "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\bak\lcfep.exe"
188416 Jul 25 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe"


end of report



VundoFix V6.3.19

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 5:28:59 PM 4/11/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\Checthk.dll
C:\WINDOWS\SYSTEM32\Checthk.dll Has been deleted!

Performing Repairs to the registry.
Done!

#4 miekiemoes (Malware Killer Dog, Malware Response Team, 19,420 posts, Belgium)

Posted 11 April 2007 - 06:15 PM

Hi,

Your HijackThis log looks clean, but we still have to restore some files manually. This is because one of the infections you were dealing with created a bak folder in the original program's folder, moved the good, non-infected files into the bak folder and put an infected file with the same name in their original location.
The infected files are gone, though, but we still have to move the good ones back to their original location.

But first of all, your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u1".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
After you have updated, delete the following folder (from a previous version):

C:\Program Files\Java\j2re1.4.2_03

To restore the files, do the following:

* Open Notepad and copy and paste the text in the quote box below into it:

copy /y "C:\Program Files\Apoint\bak\Apoint.exe" "C:\Program Files\Apoint"
copy /y "C:\Program Files\Dell Support\bak\DSAgnt.exe" "C:\Program Files\Dell Support"
copy /y "C:\Program Files\RMClient\bak\JobHisInit.exe" "C:\Program Files\RMClient"
copy /y "C:\Program Files\RMClient\bak\MplSetUp.exe" "C:\Program Files\RMClient"
copy /y "C:\Program Files\SymNetDrv\bak\SNDMon.exe" "C:\Program Files\SymNetDrv"
copy /y "C:\WINDOWS\system32\bak\hkcmd.exe" "C:\WINDOWS\system32"
copy /y "C:\WINDOWS\system32\bak\hphmon05.exe" "C:\WINDOWS\system32"
copy /y "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe" "C:\Program Files\Common Files\Symantec Shared"
copy /y "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe" "C:\Program Files\CyberLink\PowerDVD"
copy /y "C:\Program Files\QuickTime\bak\qttask.exe" "C:\Program Files\QuickTime"
copy /y "C:\Program Files\Dell\Media Experience\bak\PCMService.exe" "C:\Program Files\Dell\Media Experience"
copy /y "C:\Program Files\Dell\QuickSet\bak\quickset.exe" "C:\Program Files\Dell\QuickSet"
copy /y "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe" "C:\Program Files\Hewlett-Packard\HP Software Update"
copy /y "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe" "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}"
copy /y "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe" "C:\Program Files\HP\hpcoretech"
copy /y "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe" "C:\Program Files\MUSICMATCH\Musicmatch Jukebox"
copy /y "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe" "C:\Program Files\MUSICMATCH\Musicmatch Jukebox"
copy /y "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe" "C:\Program Files\Real\RealPlayer"
copy /y "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe" "C:\Program Files\Common Files\InstallShield\UpdateService"
copy /y "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe" "C:\Program Files\Common Files\InstallShield\UpdateService"
copy /y "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe" "C:\Program Files\Google\Google Desktop Search"
copy /y "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\bak\lcfep.exe" "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt"
copy /y "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe" "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462"
copy /y "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe" "C:\WINDOWS\system32\spool\drivers\w32x86\3"

Save this as replace.bat, choose to save as "All Files", and place it on your desktop.
It should look like this: Posted Image
(In case you are unsure how to create a bat file, take a look here with screenshots.)

Double-click the replace.bat you created previously.
It will open a command prompt and close again afterwards.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear Now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Download http://www.mvps.org/winhelp2002/DelDomains.inf and place it on your desktop.
Right-click the file and select Install; that will reset the zone settings that have been altered.

and also

* Download: ResetProtocolDefaults.reg
http://www.mvps.org/winhelp2002/ResetProtocolDefaults.reg

Locate "ResetProtocolDefaults.reg"
Right-click and select: Merge (Ok the prompt)

Rescan with FindAWF and post the log in your next reply together with a new Hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 brute force

brute force
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 11 April 2007 - 07:50 PM

Wow, pretty impressive.

Here are my files:

Logfile of HijackThis v1.99.1
Scan saved at 8:46:03 PM, on 4/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\notes\ntmulti.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\notepad.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SmartNetMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {21D817CE-B22E-11D2-B514-00C04F930B5E} (GuardianDownload.Download) - http://w3.gliconline.com/Common/Scripts/GuardianDownload.CAB
O16 - DPF: {2E764AF3-8311-11D2-B4EC-00C04F930B5E} (prjDownloadHelp.ctlDownloadHelp_2) - http://w3.gliconline.com/GuardianHelp/Scri...nloadHelp_2.CAB
O16 - DPF: {2F01ABF9-0799-11D2-B771-00C04F930B5E} (prjShowHelp_3.ctlShowHelp_3) - http://w3.gliconline.com/GuardianHelp/scri...lshowHelp_3.CAB
O16 - DPF: {3E755E01-BB38-11D4-B44C-00105A0D610A} (VbpCommonControls.ctlCommonControls) - http://w3.gliconline.com/Common/Cabs/ctlCommonControls.CAB
O16 - DPF: {8EB7A892-8135-11D1-842A-00A02495BC15} (AppLauncherCtrl2 Class) - http://w3.gliconline.com/scripts/AppLauncher2.cab
O16 - DPF: {9E4A8277-58D1-11D4-8E62-00C04F6F3010} (VbRuntime.RuntimeControls) - http://w3.gliconline.com/Common/Cabs/GDL_VbRuntime.CAB
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Tivoli Endpoint (lcfd) - Unknown owner - C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\LCFD.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - c:\notes\ntmulti.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Find AWF report by noahdfear 2006


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\APOINT\BAK

09/13/2004 05:33 PM 155,648 Apoint.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\DELLSU~1\BAK

05/15/2005 03:04 AM 332,800 DSAgnt.exe
1 File(s) 332,800 bytes

Directory of C:\PROGRA~1\LOGMEIN\BAK

07/21/2006 01:15 PM 303,856 LogMeInSystray.exe
1 File(s) 303,856 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

10/19/2005 08:24 PM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\RMCLIENT\BAK

11/16/2001 10:23 PM 135,168 JobHisInit.exe
11/04/2000 10:09 PM 40,960 MplSetUp.exe
2 File(s) 176,128 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

10/26/2005 10:00 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 06:00 AM 15,360 ctfmon.exe
07/20/2005 12:06 AM 77,824 hkcmd.exe
08/20/2003 05:15 PM 483,328 hphmon05.exe
07/20/2005 12:10 AM 114,688 igfxpers.exe
07/20/2005 12:09 AM 94,208 igfxtray.exe
5 File(s) 785,408 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

10/05/2005 07:06 PM 48,752 ccApp.exe
1 File(s) 48,752 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

02/23/2005 05:19 PM 53,248 DVDLauncher.exe
1 File(s) 53,248 bytes

Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

04/11/2004 09:15 PM 290,816 PCMService.exe
1 File(s) 290,816 bytes

Directory of C:\PROGRA~1\DELL\QUICKSET\BAK

03/04/2005 12:26 PM 606,208 quickset.exe
1 File(s) 606,208 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

12/06/2006 06:58 PM 120,320 GoogleDesktop.exe
1 File(s) 120,320 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

06/25/2003 12:24 PM 49,152 HPWuSchd.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

08/20/2003 05:23 PM 49,152 hphupd05.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

08/20/2003 03:57 PM 221,184 hpcmpmgr.exe
1 File(s) 221,184 bytes

Directory of C:\PROGRA~1\LOGMEIN\UPDATE\2-30-545.BAK

05/25/2006 04:01 PM 10,472 LMIinit.dll
05/25/2006 04:01 PM 23,016 LMImirr.dll
05/25/2006 04:01 PM 8,040 LMImirr.sys
05/25/2006 04:01 PM 9,576 LMImirr2.dll
05/25/2006 04:01 PM 13,032 LMIport.dll
05/25/2006 04:01 PM 14,056 LMIprinter.dll
05/25/2006 04:01 PM 11,336 LMIprinternt.dll
05/25/2006 04:01 PM 15,592 LMIprinterui.dll
05/25/2006 04:01 PM 15,592 LMIprinteruint.dll
05/25/2006 04:01 PM 25,832 LMIproc.dll
05/25/2006 04:01 PM 16,616 LMIprocnt.dll
05/25/2006 04:00 PM 1,618,672 LogMeIn.exe
05/25/2006 04:01 PM 303,856 LogMeInSystray.exe
05/25/2006 04:01 PM 234,224 openssl.exe
05/25/2006 04:01 PM 12,016 ra_reboot.exe
05/25/2006 04:01 PM 171,760 ra_sc.exe
05/25/2006 04:01 PM 533,232 raabout.exe
05/25/2006 12:31 PM 217,088 racodec.ax
05/25/2006 04:01 PM 9,448 radpms.sys
05/25/2006 04:01 PM 152,296 rahook.dll
05/25/2006 04:01 PM 11,496 rahook9x.dll
05/25/2006 04:01 PM 11,112 rainfo.sys
05/25/2006 04:01 PM 180,976 rainst.exe
05/25/2006 04:01 PM 62,192 ramaint.exe
05/25/2006 12:30 PM 57,344 rntfywnd.dll
05/25/2006 04:00 PM 2,594,912 template.rab
05/25/2006 04:01 PM 70,384 zip.exe
27 File(s) 6,404,168 bytes

Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK

09/14/2004 09:50 AM 131,072 mm_tray.exe
09/14/2004 09:50 AM 53,248 mmtask.exe
2 File(s) 184,320 bytes

Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

10/19/2005 08:24 PM 26,112 RealPlay.exe
1 File(s) 26,112 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/06/2004 02:05 AM 127,035 tfswctrl.exe
1 File(s) 127,035 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

07/27/2004 05:50 PM 81,920 issch.exe
07/27/2004 05:50 PM 221,184 ISUSPM.exe
2 File(s) 303,104 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\121128~1.546\BAK

03/06/2007 11:38 AM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\TIVOLI\LCF\BIN\W32-IX86\MRT\BAK

03/15/2001 05:52 PM 122,880 lcfep.exe
1 File(s) 122,880 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

07/25/2003 10:14 AM 188,416 hpztsb09.exe
1 File(s) 188,416 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

155648 Sep 13 2004 "C:\Program Files\Apoint\Apoint.exe"
155648 Sep 13 2004 "C:\drivers\mouse\onboard\Apoint.exe"
155648 Sep 13 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
332800 May 15 2005 "C:\Program Files\Dell Support\DSAgnt.exe"
332800 May 15 2005 "C:\Program Files\Dell Support\bak\DSAgnt.exe"
303856 Jul 21 2006 "C:\Program Files\LogMeIn\bak\LogMeInSystray.exe"
303856 Jul 21 2006 "C:\Program Files\LogMeIn\update\LogMeInSystray.exe"
303856 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LogMeInSystray.exe"
98304 Oct 19 2005 "C:\Program Files\QuickTime\qttask.exe"
98304 Oct 19 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
135168 Nov 16 2001 "C:\Program Files\RMClient\JobHisInit.exe"
135168 Nov 16 2001 "C:\Program Files\RMClient\bak\JobHisInit.exe"
40960 Nov 4 2000 "C:\Program Files\RMClient\MplSetUp.exe"
40960 Nov 4 2000 "C:\Program Files\RMClient\bak\MplSetUp.exe"
100056 Oct 26 2005 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Oct 26 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Jul 20 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Jul 20 2005 "C:\drivers\video\onboard\hkcmd.exe"
77824 Jul 20 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
483328 Aug 20 2003 "C:\WINDOWS\system32\hphmon05.exe"
483328 Aug 20 2003 "C:\WINDOWS\system32\bak\hphmon05.exe"
114688 Jul 20 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
94208 Jul 20 2005 "C:\drivers\video\onboard\igfxtray.exe"
94208 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
48752 Oct 5 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
48752 Oct 5 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
53248 Feb 23 2005 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
290816 Apr 11 2004 "C:\Program Files\Dell\Media Experience\PCMService.exe"
290816 Apr 11 2004 "C:\Program Files\Dell\Media Experience\bak\PCMService.exe"
606208 Mar 4 2005 "C:\Program Files\Dell\QuickSet\quickset.exe"
606208 Mar 4 2005 "C:\Program Files\Dell\QuickSet\bak\quickset.exe"
746600 Nov 21 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
171448 Mar 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
120320 Dec 6 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
171448 Mar 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
49152 Jun 25 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
49152 Jun 25 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe"
49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe"
221184 Aug 20 2003 "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
221184 Aug 20 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe"
11496 Jul 21 2006 "C:\Program Files\LogMeIn\LMIinit.dll"
11496 Jul 21 2006 "C:\WINDOWS\system32\LMIinit.dll"
10472 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIinit.dll"
23016 Jul 21 2006 "C:\Program Files\LogMeIn\LMImirr.dll"
23016 Jul 21 2006 "C:\WINDOWS\system32\LMImirr.dll"
23016 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMImirr.dll"
8040 Oct 4 2006 "C:\Program Files\LogMeIn\LMImirr.sys"
8040 Oct 4 2006 "C:\WINDOWS\system32\drivers\LMImirr.sys"
8040 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMImirr.sys"
9576 Jul 21 2006 "C:\Program Files\LogMeIn\LMImirr2.dll"
9576 Jul 21 2006 "C:\WINDOWS\system32\LMImirr2.dll"
9576 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMImirr2.dll"
13032 Jul 21 2006 "C:\Program Files\LogMeIn\LMIport.dll"
13032 May 25 2006 "C:\WINDOWS\system32\LMIport.dll"
13032 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIport.dll"
14056 Jul 21 2006 "C:\Program Files\LogMeIn\LMIprinter.dll"
14056 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIprinter.dll"
14056 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinter.dll"
14056 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinter.dll"
11336 Jul 21 2006 "C:\Program Files\LogMeIn\LMIprinternt.dll"
11336 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIprinternt.dll"
15592 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterui.dll"
15592 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterui.dll"
15592 Jul 21 2006 "C:\Program Files\LogMeIn\LMIprinterui.dll"
15592 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIprinterui.dll"
15592 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\LMIprinterdat.dll"
15592 Jul 21 2006 "C:\WINDOWS\system32\spool\drivers\w32x86\3\LMIprinterdat.dll"
15592 Jul 21 2006 "C:\Program Files\LogMeIn\LMIprinteruint.dll"
15592 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIprinteruint.dll"
25832 Jul 21 2006 "C:\Program Files\LogMeIn\LMIproc.dll"
25832 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIproc.dll"
25832 Jul 21 2006 "C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll"
16616 Jul 21 2006 "C:\Program Files\LogMeIn\LMIprocnt.dll"
16616 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LMIprocnt.dll"
1618672 Jul 21 2006 "C:\Program Files\LogMeIn\LogMeIn.exe"
1618672 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LogMeIn.exe"
303856 Jul 21 2006 "C:\Program Files\LogMeIn\bak\LogMeInSystray.exe"
303856 Jul 21 2006 "C:\Program Files\LogMeIn\update\LogMeInSystray.exe"
303856 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\LogMeInSystray.exe"
234224 Jul 21 2006 "C:\Program Files\LogMeIn\openssl.exe"
234224 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\openssl.exe"
533232 Jul 21 2006 "C:\Program Files\LogMeIn\raabout.exe"
533232 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\raabout.exe"
217088 Jul 21 2006 "C:\Program Files\LogMeIn\racodec.ax"
217088 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\racodec.ax"
9448 Jul 21 2006 "C:\Program Files\LogMeIn\radpms.sys"
9448 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\radpms.sys"
152296 Jul 21 2006 "C:\Program Files\LogMeIn\rahook.dll"
152296 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\rahook.dll"
11496 Jul 21 2006 "C:\Program Files\LogMeIn\rahook9x.dll"
11496 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\rahook9x.dll"
11112 Jul 21 2006 "C:\Program Files\LogMeIn\rainfo.sys"
11112 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\rainfo.sys"
180976 Jul 21 2006 "C:\Program Files\LogMeIn\rainst.exe"
180976 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\rainst.exe"
62192 Jul 21 2006 "C:\Program Files\LogMeIn\ramaint.exe"
62192 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\ramaint.exe"
12016 Jul 21 2006 "C:\Program Files\LogMeIn\ra_reboot.exe"
12016 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\ra_reboot.exe"
171760 Jul 21 2006 "C:\Program Files\LogMeIn\ra_sc.exe"
171760 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\ra_sc.exe"
57344 Jul 21 2006 "C:\Program Files\LogMeIn\rntfywnd.dll"
57344 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\rntfywnd.dll"
2595281 Jul 21 2006 "C:\Program Files\LogMeIn\template.rab"
2594912 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\template.rab"
70384 Jul 21 2006 "C:\Program Files\LogMeIn\zip.exe"
70384 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\zip.exe"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
53248 Apr 9 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mmtask.exe"
53248 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe"
131072 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
135168 Apr 9 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
131072 Sep 14 2004 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mm_tray.exe"
26112 Oct 19 2005 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
26112 Oct 19 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
127035 Dec 6 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
127035 Dec 6 2004 "C:\WINDOWS\system32\dla\bak\tfswctrl.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe"
81920 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\issch.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
221184 Jul 27 2004 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
746600 Nov 21 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
171448 Mar 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe"
120320 Dec 6 2006 "C:\Program Files\Google\Google Desktop Search\bak\GoogleDesktop.exe"
171448 Mar 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
122880 Mar 15 2001 "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\lcfep.exe"
122880 Mar 15 2001 "C:\Program Files\Tivoli\lcf\bin\w32-ix86\mrt\bak\lcfep.exe"
188416 Jul 25 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe"
188416 Jul 25 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe"


end of report
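As an added check that is not part of the original thread or of the FindAWF tool itself: the replace.bat above copies each original executable out of its bak folder back over the parent folder, and the FindAWF "Duplicate files of bak directory contents" section is what shows whether that worked. The Python below parses that section and, for every file under a \bak\ folder, reports whether the parent folder now holds a same-sized copy ("restored"), no copy at all ("missing"), or a copy of a different size ("size mismatch"). The sample report is constructed from a few lines of the report posted above plus one hypothetical C:\Program Files\Example entry added to show the mismatch case.

```python
import re
from collections import namedtuple

# One line of the FindAWF "Duplicate files" section: <size> <Mon> <day> <year> "<path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Za-z]{3})\s+(\d{1,2})\s+(\d{4})\s+"([^"]+)"\s*$')

Entry = namedtuple("Entry", "size date path")

# Constructed sample: excerpt of the posted report plus one hypothetical mismatch entry.
SAMPLE_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

155648 Sep 13 2004 "C:\Program Files\Apoint\Apoint.exe"
155648 Sep 13 2004 "C:\drivers\mouse\onboard\Apoint.exe"
155648 Sep 13 2004 "C:\Program Files\Apoint\bak\Apoint.exe"
114688 Jul 20 2005 "C:\drivers\video\onboard\igfxpers.exe"
114688 Jul 20 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
2595281 Jul 21 2006 "C:\Program Files\LogMeIn\template.rab"
2594912 May 25 2006 "C:\Program Files\LogMeIn\update\2-30-545.bak\template.rab"
200 Jan 1 2007 "C:\Program Files\Example\foo.exe"
100 Jan 1 2007 "C:\Program Files\Example\bak\foo.exe"

end of report
'''


def parse_duplicates(text):
    """Return the (size, date, path) entries of the duplicate-files section."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, blank lines, "end of report"
        size, mon, day, year, path = m.groups()
        entries.append(Entry(int(size), f"{mon} {day} {year}", path))
    return entries


def restore_target(bak_path):
    """Map '...\\dir\\bak\\file.exe' to '...\\dir\\file.exe', the path replace.bat copies to.

    Returns None for files not under a folder literally named 'bak' (e.g. the
    LogMeIn '2-30-545.bak' update folder, which is a vendor backup, not an AWF one).
    """
    head, sep, name = bak_path.rpartition("\\")
    if not head.lower().endswith("\\bak"):
        return None
    return head[:-len("\\bak")] + sep + name


def check_restore(entries):
    """Status of the parent copy for every file found under a \\bak\\ folder."""
    by_path = {e.path.lower(): e for e in entries}  # NTFS paths are case-insensitive
    results = {}
    for e in entries:
        target = restore_target(e.path)
        if target is None:
            continue
        original = by_path.get(target.lower())
        if original is None:
            results[target] = "missing"  # nothing was copied back (or it was never listed)
        elif original.size != e.size:
            results[target] = "size mismatch"  # parent copy is not the backed-up original
        else:
            results[target] = "restored"
    return results


if __name__ == "__main__":
    for path, status in sorted(check_restore(parse_duplicates(SAMPLE_REPORT)).items()):
        print(f"{status:14} {path}")
```

Anything reported as "missing" or "size mismatch" is a file the helper should look at before declaring the restore successful; with the real report the helper would paste the whole section into SAMPLE_REPORT.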

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:15 PM

Posted 12 April 2007 - 12:09 AM

Looking good again and I see the files are replaced successfully.

How are things now?

#7 brute force

brute force
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 12 April 2007 - 06:22 AM

Things seem fine.

You are a genius. How do you do it?

:thumbsup:

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:15 PM

Posted 12 April 2007 - 06:39 AM

how do you do it?

Reading and analyzing a lot :thumbsup:

Glad I could help. :flowers:

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#9 brute force

brute force
  • Topic Starter

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:07:15 AM

Posted 12 April 2007 - 09:00 PM

thanks again, miekiemoes.

P.S. I see that you also frequent Geeks to Go.

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:15 PM

Posted 13 April 2007 - 03:14 AM

Yes, I am everywhere :thumbsup:

You're welcome :flowers:

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:15 PM

Posted 14 April 2007 - 02:28 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

