28-Oct-2009, 08:19 PM  #1
So I was doing some things on the computer, and when I went to look for movies for Halloween online (I've been to the site many times before without problems) I started to hear commercials in the background, but nothing was up making sounds. So I looked up on Google what it might be and they said to download 'ComboFix', and I did (I looked it up on Google to see if it would harm my computer in any way and it said it was harmless). So then it was scanning and it came up with these files (I have no clue what they mean or what they are):

ComboFix 09-10-27.08 - Corey Lokken 10/28/2009 15:38.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.128 [GMT -8:00]
Running from: c:\documents and settings\Corey Lokken\Desktop\ComboFix.exe
AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\components\rlxg.dll
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\rlls.dll
c:\program files\RelevantKnowledge\rlph.dll
c:\program files\RelevantKnowledge\rlservice.exe
c:\program files\RelevantKnowledge\rlvknlg.exe
c:\program files\RelevantKnowledge\rlxf.dll
c:\recycler\S-1-5-21-1390067357-436374069-725345543-1003
c:\recycler\S-1-5-21-1993962763-838170752-725345543-1003
C:\setup.exe

----- BITS: Possible infected sites -----

hxxp://updates.smithmicro.com
.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
.
2009-10-20 05:28 . 2009-10-21 22:33 -------- d-----w- c:\documents and settings\Corey Lokken\highlights
2009-10-17 04:41 . 1996-08-16 20:49 298496 ----a-w- c:\windows\uninst.exe
2009-10-17 04:41 . 2009-10-17 04:41 -------- d-----w- c:\documents and settings\Corey Lokken\WINDOWS
2009-10-13 03:33 . 2009-10-17 06:21 -------- d-----w- c:\documents and settings\Corey Lokken\Application Data\Any Video Converter
2009-10-13 03:33 . 2009-10-17 06:21 -------- d-----w- c:\program files\Any Video Converter
2009-10-12 03:01 . 2009-10-12 03:01 -------- d-----w- c:\program files\directx
2009-10-12 02:55 . 2009-10-12 02:55 -------- d-----w- c:\program files\Simon and Schuster
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 23:37 . 2009-08-12 04:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-28 15:08 . 2009-08-13 04:21 -------- d-----w- c:\documents and settings\Corey Lokken\Application Data\LimeWire
2009-10-26 02:46 . 2009-08-31 19:08 38 ----a-w- c:\documents and settings\Corey Lokken\jagex_runescape_preferences.dat
2009-10-26 02:30 . 2009-09-06 02:56 63 ----a-w- c:\documents and settings\Corey Lokken\jagex_runescape_preferences2.dat
2009-10-20 21:40 . 2009-08-13 03:41 -------- d-----w- c:\program files\Java
2009-10-19 06:10 . 2009-09-16 15:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-17 06:09 . 2009-08-12 04:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-15 12:41 . 2009-08-12 04:08 -------- d-----w- c:\program files\Norton Internet Security
2009-10-09 01:33 . 2009-08-20 06:04 -------- d-----w- c:\program files\Google
2009-09-24 23:06 . 2006-09-06 23:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-09-24 05:24 . 2009-09-24 05:22 -------- d-----w- c:\program files\iTunes
2009-09-24 05:22 . 2009-09-24 05:22 -------- d-----w- c:\program files\iPod
2009-09-24 05:22 . 2009-08-12 21:03 -------- d-----w- c:\program files\Common Files\Apple
2009-09-17 02:06 . 2009-08-12 21:07 -------- d-----w- c:\documents and settings\Corey Lokken\Application Data\Apple Computer
2009-09-17 00:00 . 2009-09-16 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 23:54 . 2009-09-16 23:53 -------- d-----w- c:\program files\QuickTime
2009-09-09 07:43 . 2009-09-09 07:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-09 07:43 . 2009-09-09 07:43 -------- d-----w- c:\program files\Norton Security Scan
2009-09-09 07:43 . 2009-08-12 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-09 07:42 . 2009-09-09 07:42 -------- d-----w- c:\program files\NortonInstaller
2009-09-09 07:42 . 2009-09-09 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-07 17:09 . 2009-09-07 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-07 17:09 . 2009-09-07 17:08 -------- d-----w- c:\program files\Yahoo!
2009-09-07 17:09 . 2009-09-07 17:09 -------- d-----w- c:\documents and settings\Corey Lokken\Application Data\Yahoo!
2009-09-07 17:09 . 2009-09-07 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-03 22:38 . 2009-09-03 22:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-03 02:03 . 2009-09-03 02:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2009-09-03 01:59 . 2009-09-03 00:59 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-03 00:43 . 2009-09-03 00:43 -------- d-----w- c:\program files\Firefly Studios
2009-09-03 00:41 . 2009-08-13 01:37 -------- d-----w- c:\program files\TeamViewer
2009-09-03 00:40 . 2009-08-12 22:23 16016 ----a-w- c:\documents and settings\Corey Lokken\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 00:37 . 2009-08-31 00:24 -------- d-----w- c:\documents and settings\Corey Lokken\Application Data\Windows Live Writer
2009-08-29 02:42 . 2009-09-16 23:48 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-09-16 23:48 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-20 08:13 . 2009-08-20 08:13 13440 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-08-12 21:31 . 2009-08-12 21:31 0 -c--a-w- c:\windows\nsreg.dat
2009-08-12 08:20 . 2006-09-07 17:38 60808 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2009-08-12 08:20 . 2006-09-07 17:38 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-12 04:26 . 2009-08-12 04:26 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-12 04:19 . 2009-08-12 04:19 4480 ----a-w- c:\windows\system32\drivers\VolumeFilter.sys
2009-08-12 04:19 . 2009-08-12 04:19 3968 ----a-w- c:\windows\system32\drivers\DiskFilter.sys
2009-07-31 22:23 . 2009-08-29 03:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 05:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2005-09-16 2048093]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-12 53096]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2006-04-11 176128]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-06-20 577536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2009-6-29 11536384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2006-02-23 11264]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - GTNDIS5

*Deregistered* - mbr
*Deregistered* - VolumeFilter
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-10-24 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Corey Lokken.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-02-05 19:13]

2009-10-26 c:\windows\Tasks\Norton Security Scan for Corey Lokken.job
- c:\program files\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-09-09 02:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.everex.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.everex.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Corey Lokken\Application Data\Mozilla\Firefox\Profiles\jx4ju01h.default\

---- FIREFOX POLICIES ----
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\relevantknowledge\rlvknlg.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-28 15:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\combofix\CF17840.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
c:\program files\Messenger\msmsgs.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-28 16:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-29 00:02

Pre-Run: 57,279,205,376 bytes free
Post-Run: 59,371,540,480 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B19B3411B6B1DDA7FC0D1D2ED489A486
So far I haven't heard those ads....YET.

Last edited by ACDCRocker; 29-Oct-2009 at 06:32 PM.
Tags: ad media background, help!, malware

All times are GMT -4. Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.