
helper.sig in popup window on startup


4 replies to this topic

#1 holmescj

holmescj

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:49 AM

Posted 17 January 2010 - 02:17 PM

A few days ago a window started popping up when I reboot. The window has folder Common with only 1 file in it - helper.sig. The Common folder was created on 1/31/09. helper.sig was created 1/31/09 and modified 2/1/09. But it has only been popping up the last few days. I am posting the 2 logs from DDS, but am unable to post the log or report from RootRepeal because everytime I try to run it, it completely locks up my computer. It shows a window that says something about initializing and then everything freezes up. Thank you.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Carolyn at 20:47:28.81 on 01/16/10
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.150 [GMT -6:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carolyn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\common\helper.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
uRun: [AdwareAlert] c:\program files\adwarealert\AdwareAlert.exe -boot
uRun: [mSpotAlltelRemix] "c:\program files\alltel jump music\remix\msptcmd.exe" /runcheck
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [CXMon] "c:\program files\hewlett-packard\photosmart\photo imaging\Hpi_Monitor.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\photosmart\hp share-to-web\hpgs2wnd.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [ViewMgr] c:\program files\viewpoint\viewpoint manager\ViewMgr.exe
mRun: [AOLSSCASPUpgrade] c:\documents and settings\carolyn\local settings\temp\ssc_asp_upgrade_1.1.4.6\setup.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [lphctwcj0e7cn] c:\windows\system32\lphctwcj0e7cn.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
dRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\carolyn\startm~1\programs\startup\pictur~1.lnk - c:\program files\nikon\pictureproject in touch\PictureProjectInTouch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {9239E4EC-C9A6-11D2-A844-00C04F68D538}
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.pw.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113770240984
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140295593562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.pw.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - hxxps://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
Filter: text/html - {8aeea45f-9e97-48a0-b434-3417a8d04c08} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-2-1 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-1 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-1 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-1 108552]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-1 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2009-4-24 1370488]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-3-19 5120]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-2-1 29208]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-2-1 29208]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-29 30192]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-11-30 189792]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2004-9-11 15576]

=============== Created Last 30 ================

2010-01-17 00:18:59 0 d-sh--w- c:\documents and settings\carolyn\PrivacIE
2010-01-16 23:56:51 0 d-sh--w- c:\documents and settings\carolyn\IETldCache
2010-01-16 23:16:29 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-16 23:16:27 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-16 23:16:21 0 d-----w- c:\windows\ie8updates
2010-01-16 23:16:04 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-16 23:14:43 0 dc-h--w- c:\windows\ie8
2010-01-13 03:53:05 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-02 22:26:32 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-01-02 22:26:30 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-01-02 22:26:20 0 d-----w- c:\program files\common files\Pure Networks Shared
2010-01-02 22:03:09 0 d-----w- c:\program files\WebEx
2010-01-02 21:38:34 0 d-----w- c:\program files\Linksys
2010-01-02 15:08:11 0 d-----w- c:\docume~1\carolyn\applic~1\AVG8
2009-12-27 15:15:10 7754 ----a-w- C:\admcfg.cfg

==================== Find3M ====================

2009-12-09 02:27:41 71628 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-01 00:13:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-12-01 00:10:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-12-01 00:10:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-12-01 00:10:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-29 05:33:23 256 ----a-w- c:\documents and settings\carolyn\pool.bin
2009-10-29 07:46:51 133120 ------w- c:\windows\system32\dllcache\extmgr.dll
2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45:38 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-10-29 07:45:37 5940736 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-10-29 07:45:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-10-29 07:45:37 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-10-29 07:45:35 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-10-29 07:45:35 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-10-29 07:45:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-10-29 07:45:34 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-10-29 07:45:34 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-10-29 07:45:33 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-10-29 07:45:32 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-10-28 14:40:47 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-28 14:36:11 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2004-03-19 22:43:54 94784 --sh--w- c:\windows\TWAIN.DLL
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12:01 57344 --sha-w- c:\windows\system32\msvcirt.dll

============= FINISH: 20:48:29.29 ===============
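The DDS "Pseudo HJT Report" above is what a helper reads first when triaging a log like this one. As an added example (not part of the original post and not a DDS or BleepingComputer tool), here is a small parser for those BHO:/TB:/EB:/uRun:/mRun:/dRun: lines that pulls out the CLSID, display name and backing file, and flags the entries a helper would look at first: registered CLSIDs whose file is missing ("No File"), entries with an empty or generic display name, autorun values with no command, and autoruns launched from a temp directory. The sample lines are copied from the DDS log in this post; the flag rules and the `GENERIC_NAMES` set are the author's own heuristics, not anything DDS itself does.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example: parses extension (BHO/TB/EB) and autorun (uRun/mRun/dRun)
lines and returns the entries worth a closer look. Flags are triage prompts,
not verdicts: a benign entry can still carry an empty name.
"""
import re

# Constructed sample: a subset of lines copied from the DDS log in this post.
SAMPLE_LINES = [
    r"BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll",
    r"BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll",
    r"BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File",
    r"BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\common\helper.dll",
    r"TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File",
    r"mRun: [AOLSSCASPUpgrade] c:\documents and settings\carolyn\local settings\temp\ssc_asp_upgrade_1.1.4.6\setup.exe",
    r"mRun: [lphctwcj0e7cn] c:\windows\system32\lphctwcj0e7cn.exe",
    r"mRun: [<NO NAME>]",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
]

# "BHO: <name>: {CLSID} - <file>"; the name part is optional and may be empty.
EXT_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB): (?:(?P<name>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$"
)
# "mRun: [<value name>] <command>"; the command is absent for empty values.
RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\](?: (?P<cmd>.*))?$")

# Display names that say nothing about the vendor (assumed heuristic list).
GENERIC_NAMES = {"browser helper object", "toolbar", "helper"}


def parse_line(line):
    """Return a dict describing one report line, or None if it is not a
    BHO/TB/EB or Run line."""
    m = EXT_RE.match(line)
    if m:
        entry = m.groupdict()
        entry["type"] = "extension"
        return entry
    m = RUN_RE.match(line)
    if m:
        entry = m.groupdict()
        entry["type"] = "autorun"
        return entry
    return None


def triage(lines):
    """Return [{'line': ..., 'reasons': [...]}] for every line that trips a rule."""
    findings = []
    for raw in lines:
        line = raw.strip()
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = []
        if entry["type"] == "extension":
            name = (entry["name"] or "").strip()
            if entry["target"].strip() == "No File":
                # CLSID still registered but its DLL is gone: orphaned entry.
                reasons.append("registered CLSID whose file is missing")
            elif name == "":
                reasons.append("no display name")
            elif name.lower() in GENERIC_NAMES:
                reasons.append("generic display name; verify the backing file")
        else:
            cmd = entry["cmd"] or ""
            if entry["name"] == "<NO NAME>" or cmd == "":
                reasons.append("autorun value with no name or command")
            elif re.search(r"\\temp\\", cmd, re.IGNORECASE):
                # Installers and droppers alike run from temp; worth a look.
                reasons.append("autorun launches from a temp directory")
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f["line"])
        for r in f["reasons"]:
            print("    ->", r)
```

Run against the sample it reports six of the nine lines. Note that the Spybot SDHelper line is flagged only because DDS printed an empty display name for it; the output is a reading order for the log, and each flagged file still has to be checked by hand (or with the tools the helper asks for), which is exactly what the rest of this thread does.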


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:49 AM

Posted 18 January 2010 - 11:48 AM

Hi holmescj,

Welcome to Virus/Trojan/Spyware/Malware Removal (VTSMR) forum. I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. Please let me know in your next reply if you agree with this.
  1. Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#3 holmescj

holmescj
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:01:49 AM

Posted 18 January 2010 - 11:12 PM

I won't make any changes to my system until you let me know it's ok to. I disabled my AVG firewall and the resident shield, downloaded and ran Combofix, then downloaded the Microsoft Recovery Console. I'm posting the Combofix below. I have turned the firewall and resident shield back on. I assume that's ok. Oh, by the way, when the system rebooted, the Common folder popup window with helper.sig did NOT pop up.
Thanks

ComboFix 10-01-18.02 - Carolyn 01/18/10 21:37:21.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.185 [GMT -6:00]
Running from: c:\documents and settings\Carolyn\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Carolyn\My Documents\ZbThumbnail.info
c:\program files\Common
c:\program files\Common\helper.sig
c:\windows\desktop
c:\windows\desktop\Install America Online - Free Trial.lnk
c:\windows\EventSystem.log
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-18 21:22 . 2010-01-18 21:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-17 09:00 . 2010-01-17 09:00 -------- d-----w- c:\windows\LastGood.Tmp
2010-01-17 00:18 . 2010-01-17 00:18 -------- d-sh--w- c:\documents and settings\Carolyn\PrivacIE
2010-01-17 00:02 . 2010-01-17 00:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-16 23:56 . 2010-01-16 23:56 -------- d-sh--w- c:\documents and settings\Carolyn\IETldCache
2010-01-16 23:16 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-01-16 23:16 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-16 23:16 . 2010-01-17 09:01 -------- d-----w- c:\windows\ie8updates
2010-01-16 23:16 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-01-16 23:14 . 2010-01-16 23:14 -------- dc-h--w- c:\windows\ie8
2010-01-13 03:53 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-02 22:26 . 2009-07-07 20:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2010-01-02 22:26 . 2009-07-07 20:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2010-01-02 22:26 . 2010-01-02 22:26 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-01-02 22:03 . 2010-01-02 22:03 -------- d-----w- c:\program files\WebEx
2010-01-02 21:38 . 2010-01-02 22:21 -------- d-----w- c:\program files\Linksys
2010-01-02 15:08 . 2010-01-02 15:08 -------- d-----w- c:\documents and settings\Carolyn\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 03:52 . 2009-08-10 00:21 256 ----a-w- c:\windows\system32\pool.bin
2010-01-17 00:18 . 2009-06-11 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-07 03:53 . 2009-11-29 00:13 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-03 03:51 . 2004-07-21 23:56 84808 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-02 22:32 . 2006-02-19 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-01-02 22:27 . 2006-02-19 21:23 -------- d-----w- c:\program files\Pure Networks
2010-01-02 22:27 . 2010-01-02 22:02 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-12-22 02:34 . 2005-01-30 17:51 -------- d-----w- c:\documents and settings\Carolyn\Application Data\Skype
2009-12-09 02:27 . 2009-12-09 02:27 71628 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-01 00:13 . 2009-12-01 00:13 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-12-01 00:10 . 2009-12-01 00:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2009-12-01 00:10 . 2009-12-01 00:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2009-12-01 00:10 . 2009-12-01 00:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-30 01:27 . 2009-11-30 01:27 -------- d-----w- c:\documents and settings\Carolyn\Application Data\GARMIN
2009-11-30 01:19 . 2009-11-30 01:19 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-11-30 01:19 . 2009-11-30 01:19 -------- d-----w- c:\program files\DIFX
2009-11-30 01:19 . 2009-11-30 01:19 -------- d-----w- c:\program files\Garmin
2009-11-29 05:33 . 2009-08-10 01:21 256 ----a-w- c:\documents and settings\Carolyn\pool.bin
2009-11-29 00:14 . 2009-11-29 00:14 -------- d-----w- c:\documents and settings\Carolyn\Application Data\Thunderbird
2009-11-23 03:25 . 2009-08-10 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-22 21:56 . 2009-11-01 03:06 -------- d-----w- c:\documents and settings\Carolyn\Application Data\Research In Motion
2009-11-22 21:54 . 2009-11-22 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-22 21:54 . 2009-11-01 02:50 -------- d-----w- c:\program files\Research In Motion
2009-11-21 15:51 . 2004-03-19 22:33 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2004-03-19 22:43 . 2004-03-19 22:43 94784 --sh--w- c:\windows\TWAIN.DLL
2008-04-14 00:12 . 2004-03-19 22:43 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 00:12 . 2004-03-19 22:40 57344 --sha-w- c:\windows\SYSTEM32\msvcirt.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-05-28 13:17 . 2005-08-05 20:08 67160 c:\program files\AIM\bak\aim.exe

2004-07-21 23:46 . 2004-05-26 03:35 335872 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2003-08-19 06:01 . 2003-08-19 06:01 110592 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe

2005-07-15 21:48 . 2005-07-15 21:48 479232 c:\program files\Google\Gmail Notifier\bak\gnotify.exe
2005-07-15 21:48 . 2005-07-15 21:48 479232 c:\program files\Google\Gmail Notifier\gnotify.exe

2007-02-19 13:14 . 2007-09-14 10:45 421888 c:\program files\Grisoft\AVG7\bak\avgcc.exe

2004-09-11 17:42 . 2001-07-03 14:11 57344 c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\bak\hpgs2wnd.exe

2004-09-11 17:41 . 2001-08-09 22:06 45056 c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\bak\Hpi_Monitor.exe

2004-07-21 23:46 . 2003-09-04 01:12 221184 c:\program files\Intel\Modem Event Monitor\bak\IntelMEM.exe

2003-11-19 22:48 . 2003-11-19 22:48 32881 c:\program files\Java\j2re1.4.2_03\bin\bak\jusched.exe

2005-02-05 15:12 . 2004-11-19 20:00 1343488 c:\program files\McAfee.com\Personal Firewall\bak\MpfTray.exe

2003-06-18 17:00 . 2003-06-18 17:00 200704 c:\program files\Microsoft Money\System\bak\mnyexpr.exe

2004-07-21 23:53 . 2004-04-19 19:45 53248 c:\program files\MUSICMATCH\Musicmatch Jukebox\bak\mmtask.exe

2006-10-26 00:58 . 2006-10-26 00:58 282624 c:\program files\QuickTime\bak\qttask.exe

2004-07-21 23:48 . 2004-07-21 23:48 26112 c:\program files\Real\RealPlayer\bak\RealPlay.exe

2004-07-21 23:47 . 2004-03-15 06:04 122933 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 19:02 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [N/A]
"AdwareAlert"="c:\program files\AdwareAlert\AdwareAlert.exe" [N/A]
"mSpotAlltelRemix"="c:\program files\Alltel Jump Music\Remix\msptcmd.exe" [2007-11-02 1490944]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [N/A]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [N/A]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [N/A]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [N/A]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [N/A]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [N/A]
"mmtask"="c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [N/A]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [N/A]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [N/A]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [N/A]
"lphctwcj0e7cn"="c:\windows\System32\lphctwcj0e7cn.exe" [N/A]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-12 30192]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-20 2245984]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-08-26 236016]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [N/A]

c:\documents and settings\Carolyn\Start Menu\Programs\Startup\
PictureProject In Touch.lnk - c:\program files\Nikon\PictureProject In Touch\PictureProjectInTouch.exe [2005-3-21 8384512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2005-11-30 1421328]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2008-9-19 1545488]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2005-2-5 118784]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-7-30 724992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 14:26 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
c:\program files\Common Files\AOL\ACS\AOLDial.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
c:\program files\Common Files\AOL\1140366728\ee\AOLSoftware.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 15:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 01:15 290816 ------w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

R0 AvgRkx86;avgrkx86.sys;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [02/01/09 2:11 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [02/01/09 2:10 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [02/01/09 2:10 PM 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/01/09 2:10 PM 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [04/24/09 8:43 AM 1370488]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\SYSTEM32\dllhost.exe [03/19/04 4:35 PM 5120]
R3 Avgfwdx;Avgfwdx;c:\windows\SYSTEM32\DRIVERS\avgfwdx.sys [02/01/09 2:10 PM 29208]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/07 5:13 PM 1553896]
S3 Avgfwfd;AVG network filter service;c:\windows\SYSTEM32\DRIVERS\avgfwdx.sys [02/01/09 2:10 PM 29208]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/29/08 6:52 PM 30192]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [08/21/08 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [08/21/08 11:49 PM 8320]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [09/11/04 4:37 PM 15576]
.
Contents of the 'Scheduled Tasks' folder

2010-01-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 23:13]

2004-07-29 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2004-03-19 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{9239E4EC-C9A6-11D2-A844-00C04F68D538}
DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} - hxxp://www.imgag.com/cp/install/AxCtp.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
AddRemove-mSpot - c:\program files\Alltel Jump Music\Remix\RemixUninst.exe
AddRemove-Scooby-Doo™, Jinx At The Sphinx™ - c:\program files\The Learning Company\Scooby-Doo™



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-18 21:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Driver Signing]
@Denied: (2) (Administrators)
"Policy"=hex:00,00,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2760)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\msdtc.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-01-18 22:02:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-19 04:02
ComboFix2.txt 2008-08-23 01:23

Pre-Run: 44,722,634,752 bytes free
Post-Run: 44,785,135,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 1E5598439E992D4F24C4224DDB0D6DB4


#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 19 January 2010 - 03:41 AM

It looks good.
  1. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
    • Click the Download button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u17-windows-i586.exe to install the newest version.

  2. Go to Start => Run => copy and paste the next command in the field, then hit Enter:

    ComboFix /Uninstall

    This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.


Happy Surfing.

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • Gender:Male
  • Location:The Netherlands

Posted 22 January 2010 - 06:27 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.



