Thread: pop ups
View Single Post
Old 05-05-2007, 07:17 PM   #10 (permalink)
poiison
Registered User
 
Join Date: Apr 2007
Posts: 13
OS: winxp


Re: pop ups
"Kylie" - 2007-05-06 9:27:47 Service Pack 2
ComboFix 07-05.04.3.V - Running from: "C:\Documents and Settings\Kylie\Desktop\"
Command switches used :: "/v vtsqr pmnoomm"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rqstv.tmp
C:\WINDOWS\system32\rqstv.ini
C:\WINDOWS\system32\rqstv.bak1
C:\WINDOWS\system32\rqstv.bak2
C:\WINDOWS\system32\vtsqr.dll
C:\WINDOWS\system32\pmnoomm.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((( Files Created from 2007-04-06 to 2007-05-06 ))))))))))))))))))))))))))))))))))


2007-05-04 19:37 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-02 17:37 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-01 16:19 <DIR> d--hs---- C:\FOUND.001
2007-04-26 22:27 <DIR> d-------- C:\DOCUME~1\Kylie\APPLIC~1\Uniblue
2007-04-26 13:47 <DIR> d-------- C:\DOCUME~1\Kylie\.housecall6.6
2007-04-25 18:47 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-04-25 18:47 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-04-11 18:12 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-10 11:45 94,208 --a------ C:\WINDOWS\ccuninst.exe
2007-04-10 11:07 <DIR> d-------- C:\Program Files\Telstra


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-26 12:27:56 -------- d-----w C:\DOCUME~1\Kylie\APPLIC~1.\Uniblue
2007-04-15 08:00:12 664 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-03-28 08:41:32 517,848 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 08:41:28 132,824 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-28 08:41:26 266,552 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 08:41:24 18,904 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 08:41:20 37,016 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 08:41:18 47,192 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 08:41:14 171,928 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 08:41:12 11,480 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\Program Files\Spybot - Search & Destroy\SDHelper.dll"
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"="C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll"
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"="C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll"
"{AA58ED58-01DD-4d91-8333-CF10577473F7}"="c:\program files\google\googletoolbar4.dll"
"{BDF3E430-B101-42AD-A544-FADC6B084872}"="C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="soundman.exe"
"SiS Tray"=""
"SiS KHooker"="C:\\WINDOWS\\System32\\khooker.exe"
"AtiPTA"="atiptaxx.exe"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -onlytray"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ecc"="C:\\Program Files\\Telstra\\BigPond Assist\\assist.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="NVDESK32.DLL"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0
Usnsvc usnsvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
C:\WINDOWS\tasks\Symantec Drmc.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - Kylie.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-06 09:47:38
Windows 5.1.2600 Service Pack 2 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-06 9:51:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-06 09:51
C:\ComboFix3.txt ... 2007-05-04 08:51
C:\ComboFix2.txt ... 2007-05-05 08:42
C:\ComboFix ... 2007-05-06 09:25
Attached Files
File Type: txt extra.txt (9.7 KB, 2 views)
poiison is offline