Tech Support Forum - View Single Post

poiison · 05-02-2007, 02:19 AM

"Kylie" - 07-05-02 18:05:24 Service Pack 2
ComboFix 07-05.01.V - Running from: "C:\Documents and Settings\Kylie\Desktop\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 ))))))))))))))))))))))))))))))))))

2007-05-02 17:37 578,812 ---hs---- C:\WINDOWS\system32\rqstv.bak1
2007-05-02 17:37 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-02 17:34 284,244 ---hs---- C:\WINDOWS\system32\vtsqr.dll
2007-05-01 16:19 <DIR> d--hs---- C:\FOUND.001
2007-04-26 22:27 <DIR> d-------- C:\DOCUME~1\Kylie\APPLIC~1\Uniblue
2007-04-26 13:47 <DIR> d-------- C:\DOCUME~1\Kylie\.housecall6.6
2007-04-25 18:47 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-04-25 18:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-04-25 18:28 26,678 --a------ C:\WINDOWS\system32\awtuuvv.dll
2007-04-25 13:43 26,678 --a------ C:\WINDOWS\system32\jkkjhgf.dll
2007-04-25 13:41 26,678 --a------ C:\WINDOWS\system32\yayyyax.dll
2007-04-25 13:39 26,678 --a------ C:\WINDOWS\system32\xxyaxww.dll
2007-04-25 13:38 26,678 --a------ C:\WINDOWS\system32\pmnoomm.dll
2007-04-11 18:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-10 11:45 94,208 --a------ C:\WINDOWS\ccuninst.exe
2007-04-10 11:07 <DIR> d-------- C:\Program Files\Telstra

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-26 12:27:56 -------- d-----w C:\DOCUME~1\Kylie\APPLIC~1.\Uniblue
2007-04-15 08:00:12 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-03-28 08:41:32 517,848 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 08:41:28 132,824 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-28 08:41:26 266,552 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 08:41:24 18,904 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 08:41:20 37,016 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 08:41:18 47,192 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 08:41:14 171,928 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 08:41:12 11,480 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}"="C:\WINDOWS\system32\pmnoomm.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar4.dll"
"{B39E3747-A99E-4F2D-905D-F3CAE71236EA}"="C:\WINDOWS\system32\mljge.dll" [x]
"{B58EA017-369C-41FB-9270-77F10A0716CB}"="C:\WINDOWS\system32\vtsqr.dll"
"{BDF3E430-B101-42AD-A544-FADC6B084872}"="C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="soundman.exe"
"SiS Tray"=""
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"AtiPTA"="atiptaxx.exe"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ecc"="C:\\Program Files\\Telstra\\BigPond Assist\\assist.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}"="C:\WINDOWS\system32\pmnoomm.dll"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnoomm
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqr

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="NVDESK32.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
Usnsvc usnsvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Kylie.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-02 18:12:46
Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-05-02 18:14:23
C:\ComboFix-quarantined-files.txt ... 07-05-02 18:14
C:\ComboFix3.txt ... 07-05-02 17:40
C:\ComboFix2.txt ... 07-05-02 17:51

05-02-2007, 02:19 AM	#3 (permalink)
poiison Registered User Join Date: Apr 2007 Posts: 13 OS: winxp	Re: pop ups "Kylie" - 07-05-02 18:05:24 Service Pack 2 ComboFix 07-05.01.V - Running from: "C:\Documents and Settings\Kylie\Desktop\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-02 to 2007-05-02 )))))))))))))))))))))))))))))))))) 2007-05-02 17:37 578,812 ---hs---- C:\WINDOWS\system32\rqstv.bak1 2007-05-02 17:37 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-02 17:34 284,244 ---hs---- C:\WINDOWS\system32\vtsqr.dll 2007-05-01 16:19 <DIR> d--hs---- C:\FOUND.001 2007-04-26 22:27 <DIR> d-------- C:\DOCUME~1\Kylie\APPLIC~1\Uniblue 2007-04-26 13:47 <DIR> d-------- C:\DOCUME~1\Kylie\.housecall6.6 2007-04-25 18:47 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2007-04-25 18:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision 2007-04-25 18:28 26,678 --a------ C:\WINDOWS\system32\awtuuvv.dll 2007-04-25 13:43 26,678 --a------ C:\WINDOWS\system32\jkkjhgf.dll 2007-04-25 13:41 26,678 --a------ C:\WINDOWS\system32\yayyyax.dll 2007-04-25 13:39 26,678 --a------ C:\WINDOWS\system32\xxyaxww.dll 2007-04-25 13:38 26,678 --a------ C:\WINDOWS\system32\pmnoomm.dll 2007-04-11 18:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-04-10 11:45 94,208 --a------ C:\WINDOWS\ccuninst.exe 2007-04-10 11:07 <DIR> d-------- C:\Program Files\Telstra (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-26 12:27:56 -------- d-----w C:\DOCUME~1\Kylie\APPLIC~1.\Uniblue 2007-04-15 08:00:12 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat 2007-03-28 08:41:32 517,848 ----a-w C:\WINDOWS\system32\SymNeti.dll 2007-03-28 08:41:28 132,824 ----a-w C:\WINDOWS\system32\SymRedir.dll 2007-03-28 08:41:26 266,552 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2007-03-28 08:41:24 18,904 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2007-03-28 08:41:20 37,016 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2007-03-28 08:41:18 47,192 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2007-03-28 08:41:14 171,928 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2007-03-28 08:41:12 11,480 ----a-w C:\WINDOWS\system32\drivers\symdns.sys 2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys 2007-02-05 20:17:02 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" "{53707962-6F74-2D53-2644-206D7942484F}"="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" "{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" "{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}"="C:\WINDOWS\system32\pmnoomm.dll" "{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar4.dll" "{B39E3747-A99E-4F2D-905D-F3CAE71236EA}"="C:\WINDOWS\system32\mljge.dll" [x] "{B58EA017-369C-41FB-9270-77F10A0716CB}"="C:\WINDOWS\system32\vtsqr.dll" "{BDF3E430-B101-42AD-A544-FADC6B084872}"="C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "SoundMan"="soundman.exe" "SiS Tray"="" "SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe" "AtiPTA"="atiptaxx.exe" "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "ecc"="C:\\Program Files\\Telstra\\BigPond Assist\\assist.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz" "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"=dword:00000000 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{9E93A147-E3F9-47AB-BAF0-915CCAAA7034}"="C:\WINDOWS\system32\pmnoomm.dll" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljge HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnoomm HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqr [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="NVDESK32.DLL" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HTTPFilter HTTPFilter\0\0 DcomLaunch DcomLaunch\0TermService\0\0 Usnsvc usnsvc\0\0 Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job C:\WINDOWS\tasks\Symantec Drmc.job C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Kylie.job ****************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-02 18:12:46 Windows 5.1.2600 Service Pack 2 FAT scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ****************************************************************** Completion time: 07-05-02 18:14:23 C:\ComboFix-quarantined-files.txt ... 07-05-02 18:14 C:\ComboFix3.txt ... 07-05-02 17:40 C:\ComboFix2.txt ... 07-05-02 17:51