Tech Support Forum - View Single Post

sbpleecniadl · 06-28-2007, 01:33 AM

"Shawne Nagy" - 2007-06-27 21:26:52 - ComboFix 07-06-28.2 - Service Pack 2 NTFS

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\wingsa32.dll
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.tmp
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.tmp
C:\WINDOWS\system32\rqtwa.bak1
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini2
C:\WINDOWS\system32\rqtwa.tmp
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\fccbcdb.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))

2007-06-27 21:26 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-27 20:02 <DIR> d-------- C:\ie-spyad
2007-06-27 19:57 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-06-27 18:24 <DIR> d-------- C:\WINDOWS\system32\nkwncvkg
2007-06-27 18:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-06-27 18:05 287,232 --a------ C:\WINDOWS\system32\scchk32.exe
2007-06-27 18:04 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\xiladgte.exe
2007-06-27 17:14 <DIR> d-------- C:\Program Files\Easy SpyRemover
2007-06-27 15:44 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-27 15:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-27 15:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-26 23:22 66,112 --a------ C:\WINDOWS\system32\qpfudpgs.dll
2007-06-26 23:19 128,576 --a------ C:\WINDOWS\system32\qphnydqe.dll
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 02:02:23 -------- d-----w C:\Program Files\Norton AntiVirus
2007-06-28 01:56:33 -------- d-----w C:\Program Files\iTunes
2007-06-28 01:55:22 -------- d-----w C:\Program Files\Google
2007-06-28 01:55:21 -------- d-----w C:\Program Files\dvd43
2007-06-28 01:55:20 -------- d-----w C:\Program Files\Digital Line Detect
2007-06-28 01:55:20 -------- d-----w C:\Program Files\Dell Support
2007-06-28 01:54:35 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-28 01:52:48 -------- d-----w C:\Program Files\BAE
2007-06-28 01:52:00 -------- d-----w C:\Program Files\AIM6
2007-06-26 18:09:34 -------- d-----w C:\Program Files\NetWaiting
2007-05-23 22:27:05 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-08 02:50:20 -------- d-----w C:\Program Files\Symantec
2007-05-08 02:50:19 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-05-08 02:50:19 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-05-08 02:27:15 -------- d-----w C:\Program Files\Yahoo!
2007-04-28 01:54:32 -------- d-----w C:\Program Files\DVD Shrink
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 22:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-07-07 12:52]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 04:20]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-02-01 18:50]
{CA6319C0-31B7-401E-A518-A07C3DB8F777}=C:\Program Files\BAE\BAE.dll [2006-11-17 10:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 10:47]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-23 15:14]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 10:06 C:\WINDOWS\stsystra.exe]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 19:29]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-12-12 06:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19]
"dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 14:26]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"xiladgte.exe"="C:\Documents and Settings\All Users\Application Data\xiladgte.exe" [2007-06-27 18:04]
"Easy SpyRemover"="C:\Program Files\Easy SpyRemover\EasySpyRemover.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" []
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 20:57]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

Contents of the 'Scheduled Tasks' folder
2007-06-23 03:45:48 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Shawne Nagy.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 21:33:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-27 21:36:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-27 21:36

--- E O F ---

06-28-2007, 01:33 AM	#4 (permalink)
sbpleecniadl Registered User Join Date: Jun 2007 Posts: 46 OS: xp	Re: Hijack this Log(Trojan) please help "Shawne Nagy" - 2007-06-27 21:26:52 - ComboFix 07-06-28.2 - Service Pack 2 NTFS (((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\wingsa32.dll C:\WINDOWS\system32\rqtwa.bak1 C:\WINDOWS\system32\rqtwa.ini C:\WINDOWS\system32\rqtwa.ini2 C:\WINDOWS\system32\rqtwa.tmp C:\WINDOWS\system32\rqtwa.bak1 C:\WINDOWS\system32\rqtwa.ini C:\WINDOWS\system32\rqtwa.ini2 C:\WINDOWS\system32\rqtwa.tmp C:\WINDOWS\system32\rqtwa.bak1 C:\WINDOWS\system32\rqtwa.ini C:\WINDOWS\system32\rqtwa.ini2 C:\WINDOWS\system32\rqtwa.tmp C:\WINDOWS\system32\awtqr.dll C:\WINDOWS\system32\fccbcdb.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 ))))))))))))))))))))))))))))))) 2007-06-27 21:26 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-27 20:02 <DIR> d-------- C:\ie-spyad 2007-06-27 19:57 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-06-27 18:24 <DIR> d-------- C:\WINDOWS\system32\nkwncvkg 2007-06-27 18:20 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-06-27 18:05 287,232 --a------ C:\WINDOWS\system32\scchk32.exe 2007-06-27 18:04 56,832 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\xiladgte.exe 2007-06-27 17:14 <DIR> d-------- C:\Program Files\Easy SpyRemover 2007-06-27 15:44 <DIR> d-------- C:\Program Files\Lavasoft 2007-06-27 15:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft 2007-06-27 15:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2007-06-26 23:22 66,112 --a------ C:\WINDOWS\system32\qpfudpgs.dll 2007-06-26 23:19 128,576 --a------ C:\WINDOWS\system32\qphnydqe.dll 2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys 2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-28 02:02:23 -------- d-----w C:\Program Files\Norton AntiVirus 2007-06-28 01:56:33 -------- d-----w C:\Program Files\iTunes 2007-06-28 01:55:22 -------- d-----w C:\Program Files\Google 2007-06-28 01:55:21 -------- d-----w C:\Program Files\dvd43 2007-06-28 01:55:20 -------- d-----w C:\Program Files\Digital Line Detect 2007-06-28 01:55:20 -------- d-----w C:\Program Files\Dell Support 2007-06-28 01:54:35 -------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-06-28 01:52:48 -------- d-----w C:\Program Files\BAE 2007-06-28 01:52:00 -------- d-----w C:\Program Files\AIM6 2007-06-26 18:09:34 -------- d-----w C:\Program Files\NetWaiting 2007-05-23 22:27:05 -------- d-----w C:\Program Files\Windows Media Connect 2 2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-08 02:50:20 -------- d-----w C:\Program Files\Symantec 2007-05-08 02:50:19 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2007-05-08 02:50:19 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-05-08 02:27:15 -------- d-----w C:\Program Files\Yahoo! 2007-04-28 01:54:32 -------- d-----w C:\Program Files\DVD Shrink 2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-04-13 22:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-07-07 12:52] {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 04:20] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-02-01 18:50] {CA6319C0-31B7-401E-A518-A07C3DB8F777}=C:\Program Files\BAE\BAE.dll [2006-11-17 10:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 10:12] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 10:47] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-08-23 15:14] "SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 10:06 C:\WINDOWS\stsystra.exe] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 19:29] "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-12-12 06:31] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 15:50] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 15:50] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 05:19] "dvd43"="C:\Program Files\dvd43\dvd43_tray.exe" [2006-05-22 14:26] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59] "osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 18:22] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30] "xiladgte.exe"="C:\Documents and Settings\All Users\Application Data\xiladgte.exe" [2007-06-27 18:04] "Easy SpyRemover"="C:\Program Files\Easy SpyRemover\EasySpyRemover.exe" [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [] "DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2006-08-28 20:57] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice] Contents of the 'Scheduled Tasks' folder 2007-06-23 03:45:48 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Shawne Nagy.job ************************************************************************ catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-27 21:33:18 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ Completion time: 2007-06-27 21:36:42 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-06-27 21:36 --- E O F ---