01-08-2008, 12:29 PM   #10
Naomi420
OS: xp


Re: Help Computer Is Dying

Ok, I did the ComboFix and the FindAWF. Also, after I did the FindAWF, an IE icon popped up on my desktop. Is that supposed to happen? lol. Alright, thanks a lot for that, and here are my new logs.

ComboFix 08-01-08.4 - Owner 2008-01-08 13:55:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.20 [GMT -5:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\NetMon
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\NetMon\log.txt
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Owner\err.log
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\Companion Wizard\log.txt
C:\Program Files\network monitor
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1165968882.old
C:\Program Files\WinBudget\bin\crap.1165990849.old
C:\Program Files\WinBudget\bin\matrix.dll.1165990848.old
C:\Program Files\WinBudget\bin\matrix.dll.1166081033.old
C:\Program Files\WinBudget\bin\matrix.dll.1166332366.old
C:\Program Files\WinBudget\bin\matrix.dll.1166674113.old
C:\Program Files\WinBudget\bin\matrix.dll.1166850156.old
C:\Program Files\WinBudget\bin\matrix.dll.1167119113.old
C:\Program Files\WinBudget\bin\matrix.dll.1167370646.old
C:\Program Files\WinBudget\bin\matrix.dll.1167715233.old
C:\Program Files\WinBudget\bin\matrix.dll.1167993327.old
C:\Program Files\WinBudget\bin\matrix.dll.1168235954.old
C:\Program Files\WinBudget\bin\matrix.dll.1168498341.old
C:\Program Files\WinBudget\bin\matrix.dll.1169192289.old
C:\WA6P
C:\WINDOWS\Downloaded Program Files.\sysiasvc32.inf
C:\WINDOWS\Downloaded Program Files\rave
C:\WINDOWS\Downloaded Program Files\rave\avirexe.vdm
C:\WINDOWS\Downloaded Program Files\rave\avirscr.vdm
C:\WINDOWS\Downloaded Program Files\rave\base.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdm
C:\WINDOWS\Downloaded Program Files\rave\daily.vdt
C:\WINDOWS\Downloaded Program Files\rave\filters.vdm
C:\WINDOWS\Downloaded Program Files\rave\kernel.vdk
C:\WINDOWS\Downloaded Program Files\rave\keyring.vdk
C:\WINDOWS\Downloaded Program Files\rave\mapi_vdm.vdm
C:\WINDOWS\Downloaded Program Files\rave\modules.vdk
C:\WINDOWS\Downloaded Program Files\rave\rav8def.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufs.vdm
C:\WINDOWS\Downloaded Program Files\rave\rufsplg.vdm
C:\WINDOWS\Downloaded Program Files\rave\unarch.vdm
C:\WINDOWS\Downloaded Program Files\rave\unmail.vdm
C:\WINDOWS\Downloaded Program Files\rave\unpack.vdm
C:\WINDOWS\Downloaded Program Files\temp
C:\WINDOWS\emdat.tm
C:\WINDOWS\emdat.tmp
C:\WINDOWS\enewsletterpro1.dat
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\cryptdl.dll
C:\WINDOWS\system32\drivers\gipddqup.dat
C:\WINDOWS\system32\euoslgtyv.dat
C:\WINDOWS\system32\euoslgtyv_nav.dat
C:\WINDOWS\system32\euoslgtyv_navps.dat
C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\kr_done1
C:\WINDOWS\system32\qbnfvgsty.dat
C:\WINDOWS\system32\qbnfvgsty_nav.dat
C:\WINDOWS\system32\qbnfvgsty_navps.dat
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_STHPSSTV
-------\LEGACY_VSPF
-------\LEGACY_VSPF_HK
-------\sthpsstv


((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
.

2008-01-08 13:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-08 12:19 . 2008-01-08 12:19 <DIR> d-------- C:\Deckard
2008-01-08 05:04 . 2008-01-08 05:06 812,344 --a------ C:\Program Files\HJTInstall.exe
2008-01-06 10:14 . 2008-01-06 10:14 96,256 --ahs---- C:\WINDOWS\system32\urdvxc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 16:55 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 10:06 --------- d-----w C:\Program Files\Trend Micro
2007-11-29 11:15 --------- d-----w C:\Program Files\Vodafone
2007-11-29 11:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-24 11:56 --------- d-----w C:\Program Files\Y!Deceasedv2.0b
2007-11-24 11:56 --------- d-----w C:\Program Files\QuickTime
2007-11-24 11:56 --------- d-----w C:\Program Files\cmer_uninstallers
2007-11-24 11:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-11-17 11:25 --------- d-----w C:\Program Files\Lavasoft
2007-11-17 11:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2007-11-17 11:10 21,216,112 ----a-w C:\Program Files\aaw2007.exe
2007-11-17 09:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-17 09:56 --------- d-----w C:\Program Files\XoftSpySE
2007-11-17 09:56 --------- d-----w C:\Program Files\SmitfraudFix
2007-11-17 09:56 --------- d-----w C:\Program Files\Poker.com
2007-11-17 09:04 3,178,952 ----a-w C:\Program Files\XoftSpySE433_263.exe
2007-11-17 08:54 --------- d-----w C:\Program Files\Enigma Software Group
2007-11-17 08:32 4,067,176 ----a-w C:\Program Files\Free-SpyHunter-Scanner-Install.exe
2007-11-16 10:41 1,043,644 ----a-w C:\Program Files\SmitfraudFix.exe
2007-09-23 16:53 1,006,207 ----a-w C:\Program Files\Poker.exe
2007-06-20 18:16 10,171,623 ----a-w C:\Program Files\FullTiltSetup.exe
2007-05-23 05:59 1,542,034 ----a-w C:\Program Files\voy15-01d_hi.wmv
2007-05-23 05:51 1,478,498 ----a-w C:\Program Files\voy15-01c_hi.wmv
2007-05-23 05:46 1,565,138 ----a-w C:\Program Files\voy15-01b_hi.wmv
2007-05-23 05:33 1,212,200 ----a-w C:\Program Files\hh_07092006_3.mpg
2007-05-23 05:26 1,867,776 ----a-w C:\Program Files\157_allmypornstars.com_c.mpg
2007-05-23 05:17 1,574,355 ----a-w C:\Program Files\movie_4.wmv
2007-05-23 05:00 464,900 ----a-w C:\Program Files\V01964_t6_350.mpg
2007-05-22 14:18 1,803,424 ----a-w C:\Program Files\babe-posing-and-masturbating-movies_04.mpg
2007-05-22 14:12 1,910,328 ----a-w C:\Program Files\babe-posing-and-toying-movies_04.mpg
2007-05-22 14:06 1,605,636 ----a-w C:\Program Files\video4.mpg
2007-05-22 13:50 1,713,134 ----a-w C:\Program Files\spy4.mpg
2007-05-22 13:40 1,587,204 ----a-w C:\Program Files\spy2.mpg
2007-05-22 13:32 1,107,972 ----a-w C:\Program Files\beach-sex-06.mpg
2007-05-22 13:26 1,447,154 ----a-w C:\Program Files\spy.wmv
2007-05-21 15:25 2,547,716 ----a-w C:\Program Files\V01382_big_02.mpg
2007-05-21 15:06 1,071,108 ----a-w C:\Program Files\beach-sex-05.mpg
2007-05-21 14:53 1,478,498 ----a-w C:\Program Files\fil12-01d_hi.wmv
2007-05-21 14:45 1,487,162 ----a-w C:\Program Files\fil12-01b_hi.wmv
2007-05-21 14:35 1,555,960 ----a-w C:\Program Files\fil08-02a_hi.wmv
2007-05-18 13:20 1,547,296 ----a-w C:\Program Files\fil08-02d_hi.wmv
2007-05-18 13:04 1,541,520 ----a-w C:\Program Files\fil08-02c_hi.wmv
2007-05-18 12:58 1,532,856 ----a-w C:\Program Files\fil08-02b_hi.wmv
2007-05-18 12:51 2,786,476 ----a-w C:\Program Files\7777.wmv
2007-05-03 09:21 54,087 ----a-w C:\Program Files\smile_sexy.jpg
2007-04-30 03:44 465,520 ----a-w C:\Program Files\msgr8us.exe
2007-04-29 15:57 2,265,956 ----a-w C:\Program Files\candyhi03_chunk_3.wmv
2007-04-29 15:39 1,735,853 ----a-w C:\Program Files\video5.mpg
2007-04-28 16:43 1,762,945 ----a-w C:\Program Files\video4.wmv
2007-04-28 16:36 1,523,716 ----a-w C:\Program Files\00006.mpg
2007-04-28 16:29 1,145,107 ----a-w C:\Program Files\00005.mpg
2007-04-28 16:24 1,589,252 ----a-w C:\Program Files\00004.mpg
2007-04-28 16:17 2,084,868 ----a-w C:\Program Files\video3.mpg
2007-04-28 16:09 3,437,579 ----a-w C:\Program Files\clip4.wmv
2007-04-28 15:44 1,619,972 ----a-w C:\Program Files\0002.mpg
2007-04-28 15:31 1,221,494 ----a-w C:\Program Files\001.wmv
2007-04-25 10:36 338,781 ----a-w C:\Program Files\Rose_for_Wifey.jpg
2007-04-23 11:08 34,044 ----a-w C:\Program Files\mcsmiclock.zip
2007-04-23 11:07 7,310 ----a-w C:\Program Files\own_the_mic.zip
2007-04-14 13:02 851 ----a-w C:\Program Files\resize.reg
2007-04-14 12:49 532,616 ----a-w C:\Program Files\ImageResizerPowertoySetup(2).exe
2007-04-05 13:52 1,247,274 ----a-w C:\Program Files\0003.wmv
2007-04-01 11:06 1,557,566 ----a-w C:\Program Files\4_chunk_24.wmv
2007-04-01 09:55 348,457 ----a-w C:\Program Files\reacharoundbuddiesfilm2_246.wmv
2007-04-01 00:52 7,930,697 ----a-w C:\Program Files\gimp-2.2.13-i586-setup-1.zip
2007-04-01 00:23 5,671,965 ----a-w C:\Program Files\gtk+-2.10.6-1-setup.zip
2007-03-31 23:49 5,322,802 ----a-w C:\Program Files\setupAIR.exe
2007-03-31 07:33 4,537,848 ----a-w C:\Program Files\PortraitProfessionalTrialSetup.exe
2007-03-15 04:23 2,064,388 -c--a-w C:\Program Files\blonde-lesbians-04.mpg
2007-03-15 04:16 2,064,388 -c--a-w C:\Program Files\sex-with-strapon-04.mpg
2007-03-15 04:05 2,064,388 -c--a-w C:\Program Files\red-strapon-action-hard-sex-02.mpg
2007-03-15 03:58 2,064,388 -c--a-w C:\Program Files\red-strapon-action-hard-sex-03.mpg
2007-03-15 03:49 1,778,951 -c--a-w C:\Program Files\hotties_licking_***_204.wmv
2007-03-15 03:41 1,963,883 -c--a-w C:\Program Files\lss1.mpg
2007-03-15 03:32 1,122,304 -c--a-w C:\Program Files\lesbiansex03.mpg
2007-03-15 03:28 1,150,976 -c--a-w C:\Program Files\lesbiansex02.mpg
2007-03-15 03:23 1,177,600 -c--a-w C:\Program Files\lesbiansex01.mpg
2007-03-15 03:19 935,936 -c--a-w C:\Program Files\lesbiansex04.mpg
2007-03-14 15:45 2,064,388 -c--a-w C:\Program Files\strapon-lesbos-hard-sex-04.mpg
2007-03-14 15:35 1,345,540 ----a-w C:\Program Files\whipped-ass4.mpg
2007-03-14 15:24 649,934 -c--a-w C:\Program Files\4a.mpeg
2007-03-14 15:21 1,099,780 ----a-w C:\Program Files\lls.mpg
2007-03-14 15:10 1,093,636 -c--a-w C:\Program Files\bossbitches_02_02_straponforcefucking_06a_tagged.mpg
2007-03-14 15:04 1,492,996 -c--a-w C:\Program Files\take2.mpg
2007-03-14 14:30 468,996 ----a-w C:\Program Files\0ls.mpg
2007-03-14 14:29 473,092 -c--a-w C:\Program Files\ls3.mpg
2007-03-14 14:27 475,140 -c--a-w C:\Program Files\ls2.mpg
2007-03-14 14:24 473,092 -c--a-w C:\Program Files\ls.mpg
2007-03-11 14:10 1,004,873 -c--a-w C:\Program Files\a3.wmv
2007-03-11 14:01 289,478 -c--a-w C:\Program Files\strap-on-movie-01.mpg
2007-03-05 07:33 1,574,008 -c--a-w C:\Program Files\Fonts_1_1.zip
2007-03-02 07:32 12,580,696 -c--a-w C:\Program Files\mm20enu.exe
2007-02-26 09:51 81,408 -c--a-w C:\Program Files\Takanui aka Williams Whanau.doc
2007-02-26 04:18 372,224 -c--a-w C:\Program Files\Familystuff(2).wps
2007-02-26 04:07 372,224 -c--a-w C:\Program Files\Familystuff.wps
2007-02-23 14:16 1,887,088 -c--a-w C:\Program Files\lesbian-strapon-action_04.mpg
2007-02-19 03:07 11,759 -c--a-w C:\Program Files\gargoyles.zip
2007-02-19 03:06 20,262 ----a-w C:\Program Files\bulwarknf.zip
2007-02-19 03:03 100,055 -c--a-w C:\Program Files\bulletholz.zip
2007-02-19 03:02 32,644 -c--a-w C:\Program Files\bloodofdracula.zip
2006-04-30 05:58 602,758 --sh--w C:\WINDOWS\system32\hgjjl.bak1
2002-12-17 05:50 602,741 --sh--w C:\WINDOWS\system32\hgjjl.bak2
.
-c--a-w         2,318,611 2003-01-15 22:53:38  C:\Documents and Settings\Owner\My Documents\Net Commando 2000 lite\Net Commando 2000 lite\Net-Commando .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86ABDA6E-15D2-4C0D-86F7-D2E37E3E986B}]
C:\WINDOWS\System32\cryptdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2001-07-25 12:00 184376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2003-03-31 07:00 375808]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 07:00 13312]
"Compliant"="gbloblqbw.exe" []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [2003-11-02 09:37:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)
"NoDispCPL"= 0 (0x0)
"NoVisualStyleChoice"= 0 (0x0)
"NoDispSettingsPage"= 0 (0x0)
"NoDispAppearancePage"= 0 (0x0)
"DisableCMD"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"ForceActiveDesktopOn"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MS-DOS Emulation]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Printkey2000.lnk]
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Real-time Monitor.lnk]
backup=C:\WINDOWS\pss\Real-time Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Sharlene Hokianga.TROJANCREW^Start Menu^Programs^Startup^Quick ShutDown.lnk]
backup=C:\WINDOWS\pss\Quick ShutDown.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\banmanpro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Browser Pal]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserBrand]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserFortress]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Compliant]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Computer Alarm Clock]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drsmartloadb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\enewsletterpro]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
-----c--- 2001-11-26 16:35 856064 C:\Program Files\ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InvisibleBrowsing]
--a--c--- 2004-10-05 11:02 790528 C:\Program Files\Invisible Browsing\InvisibleBrowsing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGateway]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Configs 32]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a--c--- 2001-08-23 16:52 331830 C:\Program Files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a--c--- 2001-08-16 23:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mopsp1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OWMngr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Perfect Keyboard PRO]
--a--c--- 2001-01-22 10:54 122880 C:\Program Files\Perfect Keyboard PRO\pk32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop3trap.exe]
--a--c--- 2001-09-13 09:59 294982 C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sdpmsv]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sygate Personal Firewall]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2002-07-12 22:50 146432 C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebTrapNT.exe]
--a--c--- 2001-09-13 09:53 235520 C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Tmntsrv"=2 (0x2)

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\System32\drivers\BsStor.sys [2001-11-08 04:00]
R1 VIAPFD;VIAPFD;C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 09:45]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\System32\drivers\BsUDF.sys [2001-11-26 16:36]
R2 MSWindows;Network Windows Service;"C:\WINDOWS\System32\urdvxc.exe" [2008-01-06 10:14]
R2 Vcs;Vcs support;C:\WINDOWS\System32\Drivers\Vcs.sys [2002-12-10 08:11]
R3 trid3d;trid3d;C:\WINDOWS\System32\DRIVERS\trid3dm.sys [2001-08-17 07:51]
S0 sthpsstv;sthpsstv;C:\WINDOWS\System32\drivers\gipddqup.da_ []
S1 alfacleaner;alfacleaner;C:\WINDOWS\System32\drivers\hesvc.sys []
S3 ham50;Intel V92 HaM Data Fax Voice;C:\WINDOWS\System32\DRIVERS\IntelH51.sys [2001-10-11 21:48]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 14:08:37
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-08 14:14:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-08 19:14:50



Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Tue 01/08/2008
The current time is: 14:16:51.94


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\MICROS~3\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/01/2003 04:19 a.m. 77,824 qttask.exe
1 File(s) 77,824 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

07/08/2001 09:50 p.m. 155,648 NeroCheck.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\MICAC0~1\SYSTEM\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\PLAXO\2111~1.5\BAK

08/30/2006 12:46 p.m. 183,367 PlaxoHelper.exe
1 File(s) 183,367 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

04/13/2005 02:48 a.m. 36,975 jusched.exe
1 File(s) 36,975 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

77824 1 Feb 2003 "C:\Program Files\QuickTime\bak\qttask.exe"
155648 8 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
183367 30 Aug 2006 "C:\Program Files\Plaxo\PlaxoHelper.exe"
183367 30 Aug 2006 "C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe"
183367 30 Aug 2006 "C:\Program Files\Plaxo\2.11.1.5\bak\PlaxoHelper.exe"
36975 13 Apr 2005 "C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe"


end of report