Malware (Ads/commercial media in background)
ACDCRocker
Member with 35 posts.
Join Date: Jun 2009
Experience: Intermediate
28-Oct-2009, 07:19 PM #1
Help! Malware (Ads/commercial media in background) Help!
So I was doing some things on the computer and, when I went to look for movies for Halloween online (I've been to the site many times before without problems), I started to hear commercials in the background, but nothing was open making sounds. So I looked up on Google what it might be and they said to download 'ComboFix', and I did (I looked it up on Google to see if it would harm my computer in any way and it said it was harmless). So then it was scanning and it came up with these files (I have no clue what they mean or what they are):

ComboFix 09-10-27.08 - Corey Lokken 10/28/2009 15:38.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.128 [GMT -8:00]
Running from: c:\documents and settings\Corey Lokken\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\recycler\S-1-5-21-1390067357-436374069-725345543-1003
c:\recycler\S-1-5-21-1993962763-838170752-725345543-1003
C:\setup.exe

----- BITS: Possible infected sites -----

hxxp://updates.smithmicro.com
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.

2009-10-20 05:28 . 2009-10-21 22:33 -------- d-----w- c:\documents and settings\Corey Lokken\highlights
2009-10-17 04:41 . 1996-08-16 20:49 298496 ----a-w- c:\windows\uninst.exe
2009-10-17 04:41 . 2009-10-17 04:41 -------- d-----w- c:\documents and settings\Corey Lokken\WINDOWS
2009-10-13 03:33 . 2009-10-17 06:21 -------- d-----w- c:\documents and settings\Corey Lokken\Application Data\Any Video Converter
2009-10-13 03:33 . 2009-10-17 06:21 -------- d-----w- c:\program files\Any Video Converter
2009-10-12 03:01 . 2009-10-12 03:01 -------- d-----w- c:\program files\directx
2009-10-12 02:55 . 2009-10-12 02:55 -------- d-----w- c:\program files\Simon and Schuster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 23:37 . 2009-08-12 04:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-28 15:08 . 2009-08-13 04:21 -------- d-----w- c:\documents and settings\Corey Lokken\Application Data\LimeWire
2009-10-26 02:46 . 2009-08-31 19:08 38 ----a-w- c:\documents and settings\Corey Lokken\jagex_runescape_preferences.dat
2009-10-26 02:30 . 2009-09-06 02:56 63 ----a-w- c:\documents and settings\Corey Lokken\jagex_runescape_preferences2.dat
2009-10-20 21:40 . 2009-08-13 03:41 -------- d-----w- c:\program files\Java
2009-10-19 06:10 . 2009-09-16 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-17 06:09 . 2009-08-12 04:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 12:41 . 2009-08-12 04:08 -------- d-----w- c:\program files\Norton Internet Security
2009-10-09 01:33 . 2009-08-20 06:04 -------- d-----w- c:\program files\Google
2009-09-24 23:06 . 2006-09-06 23:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-09-24 05:24 . 2009-09-24 05:22 -------- d-----w- c:\program files\iTunes
2009-09-24 05:22 . 2009-09-24 05:22 -------- d-----w- c:\program files\iPod
2009-09-24 05:22 . 2009-08-12 21:03 -------- d-----w- c:\program files\Common Files\Apple
2009-09-17 02:06 . 2009-08-12 21:07 -------- d-----w- c:\documents and settings\Corey Lokken\Application Data\Apple Computer
2009-09-17 00:00 . 2009-09-16 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 23:54 . 2009-09-16 23:53 -------- d-----w- c:\program files\QuickTime
2009-09-09 07:43 . 2009-09-09 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-09 07:43 . 2009-09-09 07:43 -------- d-----w- c:\program files\Norton Security Scan
2009-09-09 07:43 . 2009-08-12 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-09 07:42 . 2009-09-09 07:42 -------- d-----w- c:\program files\NortonInstaller
2009-09-09 07:42 . 2009-09-09 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-07 17:09 . 2009-09-07 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-07 17:09 . 2009-09-07 17:08 -------- d-----w- c:\program files\Yahoo!
2009-09-07 17:09 . 2009-09-07 17:09 -------- d-----w- c:\documents and settings\Corey Lokken\Application Data\Yahoo!
2009-09-07 17:09 . 2009-09-07 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-03 22:38 . 2009-09-03 22:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-03 02:03 . 2009-09-03 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2009-09-03 01:59 . 2009-09-03 00:59 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-03 00:43 . 2009-09-03 00:43 -------- d-----w- c:\program files\Firefly Studios
2009-09-03 00:41 . 2009-08-13 01:37 -------- d-----w- c:\program files\TeamViewer
2009-09-03 00:40 . 2009-08-12 22:23 16016 ----a-w- c:\documents and settings\Corey Lokken\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 00:37 . 2009-08-31 00:24 -------- d-----w- c:\documents and settings\Corey Lokken\Application Data\Windows Live Writer
2009-08-29 02:42 . 2009-09-16 23:48 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-16 23:48 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-20 08:13 . 2009-08-20 08:13 13440 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-08-12 21:31 . 2009-08-12 21:31 0 -c--a-w- c:\windows\nsreg.dat
2009-08-12 08:20 . 2006-09-07 17:38 60808 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-12 08:20 . 2006-09-07 17:38 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-12 04:26 . 2009-08-12 04:26 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-12 04:19 . 2009-08-12 04:19 4480 ----a-w- c:\windows\system32\drivers\VolumeFilter.sys
2009-08-12 04:19 . 2009-08-12 04:19 3968 ----a-w- c:\windows\system32\drivers\DiskFilter.sys
2009-07-31 22:23 . 2009-08-29 03:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 05:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-09-16 2048093]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-12 53096]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2006-04-11 176128]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-20 577536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-6-29 11536384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - GTNDIS5
*Deregistered* - mbr
*Deregistered* - VolumeFilter
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-10-24 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Corey Lokken.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-02-05 19:13]

2009-10-26 c:\windows\Tasks\Norton Security Scan for Corey Lokken.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-09-09 02:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.everex.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.everex.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Corey Lokken\Application Data\Mozilla\Firefox\Profiles\jx4ju01h.default\

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\relevantknowledge\rlvknlg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 15:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\combofix\CF17840.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\program files\Messenger\msmsgs.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 16:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 00:02

Pre-Run: 57,279,205,376 bytes free
Post-Run: 59,371,540,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B19B3411B6B1DDA7FC0D1D2ED489A486

So far I haven't heard those ads.... YET.

ACDCRocker

Last edited by ACDCRocker : 29-Oct-2009 05:32 PM.
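Added example (editor's code, not part of the original post and not ComboFix's own logic): a small Python triage script that parses ComboFix's report format as shown above and pulls out the entries a responder reads first. The embedded log is a constructed, trimmed excerpt modelled on the posted report, and the rules are heuristics chosen here, so treat each finding as something to confirm rather than a verdict. Two of the findings deserve the caveat up front: "EnableFirewall"=0 is what you expect when a third-party firewall (here Norton Internet Security, shown as *enabled*) has taken over from Windows Firewall, and "DisableMonitoring"=1 under the Security Center keys is routinely set by third-party suites so that Security Center stops raising duplicate alerts. By contrast, C:\autorun.inf removed alongside C:\setup.exe at the drive root is the file pair autorun-propagating malware drops, so any USB sticks used with this machine should be checked for the same pair, and the Ask toolbar BHO is still listed under Reg Loading Points after the run, i.e. ComboFix did not remove it. The RelevantKnowledge folder it did delete is comScore's market-research monitoring software, normally bundled with free downloads. The "hxxp://" spelling is ComboFix defanging URLs so they cannot be clicked.

```python
"""Triage helper for a ComboFix report: pull out what a responder checks first."""
import re

# Constructed excerpt in ComboFix's report format, modelled on the log in the post
# above (trimmed to the relevant lines; not the complete report). Raw string so
# the single and doubled backslashes survive exactly as ComboFix prints them.
SAMPLE_LOG = r"""
((((( Other Deletions )))))
.
C:\autorun.inf
c:\program files\RelevantKnowledge\rlvknlg.exe
C:\setup.exe

----- BITS: Possible infected sites -----

hxxp://updates.smithmicro.com
.
((((( Reg Loading Points )))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 05:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # "((((( Other Deletions )))))"
KEY_RE = re.compile(r"^\[(.+)\]$")                     # "[HKEY_LOCAL_MACHINE\...]"
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')      # '"Name"= data'
ROOT_FILE_RE = re.compile(r"[a-z]:\\[^\\]+$", re.I)    # file directly under a drive root


def parse(text):
    """Split a report into banner sections and .reg-style key blocks.

    Returns (sections, registry): sections maps a banner title to the plain lines
    under it; registry maps a key path to [(value_name, data), ...], with unquoted
    lines (ComboFix's file details under a BHO key) stored as ("", line).
    """
    sections, registry = {}, {}
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            sections.setdefault(section, [])
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            registry.setdefault(key, [])
            continue
        if key is not None:
            m = VALUE_RE.match(line)
            registry[key].append((m.group(1), m.group(2)) if m else ("", line))
        elif section is not None:
            sections[section].append(line)
    return sections, registry


def triage(text):
    """Return human-readable findings, in the order they appear in the report."""
    sections, registry = parse(text)
    findings = []

    deleted = sections.get("Other Deletions", [])
    roots = sorted(p.lower() for p in deleted if ROOT_FILE_RE.fullmatch(p))
    if any(r.endswith("autorun.inf") for r in roots):
        exes = [r for r in roots if r.endswith(".exe")]
        findings.append(f"autorun.inf removed from a drive root alongside {exes}: "
                        "check removable media and other drives for the same pair")
    for line in deleted:
        if line.startswith(("hxxp://", "http://")):
            findings.append(f"URL from a BITS job: {line} (verify the host; a vendor "
                            "update site is not proof of infection)")

    for key, values in registry.items():
        k = key.lower()
        if "browser helper objects" in k or k.endswith("internet explorer\\toolbar"):
            for name, data in values:          # BHOs and IE toolbars still loading
                findings.append(f"IE extension loaded from: {data or name}")
        elif "security center\\monitoring" in k:
            product = key.rsplit("\\", 1)[-1]  # e.g. SymantecAntiVirus
            for name, data in values:
                if name == "DisableMonitoring" and data.endswith("00000001"):
                    findings.append(f"Security Center monitoring disabled for {product}")
        elif k.endswith("firewallpolicy\\standardprofile"):
            for name, data in values:
                if name == "EnableFirewall" and data.startswith("0"):
                    findings.append("Windows Firewall (standard profile) is off")
        elif k.endswith("authorizedapplications\\list"):
            for name, _ in values:             # .reg format doubles the backslashes
                findings.append("firewall exception: " + name.replace("\\\\", "\\"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

To use it on a real report, read the saved ComboFix.txt into a string and pass it to triage(); the Run/RunOnce keys and scheduled tasks are deliberately not flagged by the rules above because most of them are legitimate, and the list is meant to be read next to the full log, not instead of it.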
Tags
ad media background, help!, malware