PC won't access Drive C

microcomp
30-Jan-2009, 02:05 AM #1
PC won't access Drive C
This is the 3rd time I have tried on this PC to post a message here. It seems that every time I open a new window or program while still in this forum, it disappears and I am left with no IE running.

Quickly before I lose you.

When I double click on Drive C under My Computer it treats it like a file and says Choose the program you want to use to open this type of file: C\:
I then have to browse and find Explorer before I can see the C drive contents.

Installation of new programs can't seem to find the files to finish and looks for them in the users/documents/tmp directory or something like that.

My clients say that recently an unvalidated genuine Windows message has started showing up and the computer has started to sloooooow way down - it is a Compaq Presario 6000 and probably needs more memory to start (has 640MB now and is running Windows XP Pro version 2002 #3)

This is the hijack log which I hope contains some clues to the problems on this machine. Please let me know what you think and what suggestions you might have for making this computer behave better.

Thanks

David


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:51 PM, on 1/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\ZumieSearch\zumie172.exe
C:\WINDOWS\system32\WgaTray.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZumieSearch\zumie.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\GamingSquared\Gaming2\G2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Quicken\bagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON WorkForce 600(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKCU"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI7677~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI7677~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: ZumieSearch Service - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\ZumieSearch\zumie172.exe
--
End of file - 10036 bytes

microcomp
30-Jan-2009, 03:51 PM #2
Autorun.inf on hard drives - Combo Fix?
While following a fix found in this forum to remove the autorun.inf in the root directories on this computer, I somehow ended up with the Combo Fix program and the following file:

ComboFix 09-01-21.04 - Renee 2009-01-30 8:08:18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.144 [GMT -8:00]
Running from: c:\my downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Emily.GINN\Application Data\ShoppingReport
c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport
c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Michael.GINN\Application Data\ShoppingReport
c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\Renee\Application Data\ShoppingReport
c:\documents and settings\Renee\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Renee\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Renee\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Renee\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Renee\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Renee\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Renee\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\program files\ShoppingReport
c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
c:\program files\ShoppingReport\Uninst.exe
c:\program files\winrar\2.bat
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ZUMIESEARCH_SERVICE
-------\Service_ZumieSearch Service

((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.
2009-01-30 10:16 . 2009-01-30 10:16 <DIR> d-------- c:\documents and settings\Emily.GINN\Application Data\ArcSoft
2009-01-29 23:28 . 2009-01-29 23:28 <DIR> d-------- c:\documents and settings\Renee\DoctorWeb
2009-01-29 23:25 . 2009-01-29 23:27 592 --a------ c:\windows\chgkey.vbs
2009-01-29 21:43 . 2009-01-29 21:43 <DIR> d-------- c:\documents and settings\Renee\Application Data\GlarySoft
2009-01-29 21:39 . 2009-01-29 21:39 <DIR> d-------- c:\program files\Glary Utilities
2009-01-27 09:35 . 2009-01-27 09:35 <DIR> d-------- c:\program files\Seagate
2009-01-27 09:35 . 2009-01-27 09:35 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Seagate
2009-01-26 23:55 . 2009-01-26 23:55 0 --a------ c:\windows\EEventManager.INI
2009-01-26 23:26 . 2009-01-26 23:26 <DIR> d-------- c:\documents and settings\Renee\Application Data\TaxCut
2009-01-26 23:14 . 2009-01-26 23:43 <DIR> d-------- c:\documents and settings\Renee\Application Data\EPSON
2009-01-26 22:48 . 2009-01-26 22:48 <DIR> d-------- c:\documents and settings\Renee\Application Data\Leadertech
2009-01-26 22:41 . 2009-01-26 22:41 <DIR> d-------- c:\program files\Common Files\EPSON
2009-01-26 22:41 . 2007-09-07 17:33 135,168 --a------ c:\windows\system32\EEBAPI.dll
2009-01-26 22:41 . 2007-09-26 03:08 112,640 --a------ c:\windows\system32\E_ADDNET.EXE
2009-01-26 22:41 . 2006-12-19 18:31 110,592 --a------ c:\windows\system32\EEBDSCVR.dll
2009-01-26 22:41 . 2006-12-19 18:20 77,824 --a------ c:\windows\system32\EBAPI.dll
2009-01-26 22:41 . 2007-03-28 18:26 65,536 --a------ c:\windows\system32\EEBUtil.dll
2009-01-26 22:41 . 2003-12-17 01:01 55,808 --a------ c:\windows\system32\EEBSDKIF.dll
2009-01-26 22:41 . 2008-03-30 06:03 1,120 --a------ c:\windows\system32\E_ADDNET.DAT
2009-01-26 22:40 . 2008-07-15 17:32 474,892 --a------ c:\windows\system32\ensppmon.dll
2009-01-26 22:40 . 2008-07-15 17:32 474,892 --a------ c:\windows\system32\enppmon.dll
2009-01-26 22:40 . 2008-07-15 17:33 457,611 --a------ c:\windows\system32\ensppui.dll
2009-01-26 22:40 . 2008-07-15 17:33 457,611 --a------ c:\windows\system32\enppui.dll
2009-01-26 22:40 . 2008-06-18 11:49 249,344 --a------ c:\windows\system32\enspres.dll
2009-01-26 22:40 . 2008-06-18 11:49 249,344 --a------ c:\windows\system32\enpres.dll
2009-01-26 22:30 . 2009-01-27 08:01 <DIR> d-------- c:\program files\ABBYY FineReader 6.0 Sprint
2009-01-26 22:29 . 2009-01-29 19:47 <DIR> d-------- c:\documents and settings\Renee\Application Data\Arcsoft
2009-01-26 22:29 . 2009-01-30 10:16 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft
2009-01-26 22:28 . 2009-01-27 15:12 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-01-26 22:28 . 2009-01-27 15:18 <DIR> d-------- c:\program files\ArcSoft
2009-01-26 22:26 . 2009-01-26 22:26 <DIR> d-------- c:\program files\Epson Software
2009-01-26 22:25 . 2009-01-29 22:01 <DIR> d-------- c:\program files\EpsonNet
2009-01-26 22:24 . 2009-01-26 22:24 <DIR> d-------- c:\documents and settings\Renee\Application Data\InstallShield
2009-01-26 22:24 . 2009-01-26 22:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\EPSON
2009-01-26 22:23 . 2009-01-26 22:47 <DIR> d-------- c:\program files\epson
2009-01-26 22:23 . 2007-07-13 00:00 71,680 --a------ c:\windows\system32\escwiad.dll
2009-01-26 22:23 . 2006-08-24 02:00 9,216 --a------ c:\windows\system32\escdev.dll
2009-01-26 22:22 . 2009-01-26 22:48 79 --a------ c:\windows\EPWF600.ini
2009-01-26 21:48 . 2008-06-18 07:49 49,904 -ra------ c:\windows\system32\drivers\BVRPMPR5.SYS
2009-01-26 21:47 . 2009-01-26 22:10 <DIR> d-------- C:\Netgear
2009-01-23 16:34 . 2009-01-23 16:34 <DIR> d-------- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\SACore
2009-01-23 16:25 . 2009-01-23 16:25 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SiteAdvisor
2009-01-23 16:25 . 2009-01-30 08:37 11,137 --a------ c:\windows\system32\Config.MPF
2009-01-23 16:18 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
2009-01-23 16:18 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
2009-01-23 16:18 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
2009-01-23 16:18 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2009-01-23 16:18 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2009-01-23 16:18 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
2009-01-23 16:17 . 2009-01-23 16:17 <DIR> d-------- c:\program files\McAfee.com
2009-01-23 16:17 . 2009-01-23 16:18 <DIR> d-------- c:\program files\Common Files\McAfee
2009-01-23 16:16 . 2009-01-25 06:09 <DIR> d-------- c:\program files\McAfee
2009-01-23 16:04 . 2009-01-23 16:25 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
2009-01-21 14:38 . 2009-01-21 14:38 0 --ah----- c:\documents and settings\Michael.GINN\hpothb07.dat
2009-01-21 14:37 . 2009-01-21 14:37 816 --ah----- c:\documents and settings\Michael\hpothb07.dat
2009-01-17 12:40 . 2009-01-17 12:40 <DIR> d-------- c:\documents and settings\Michael.GINN\Application Data\Hewlett-Packard
2009-01-10 11:51 . 2009-01-10 11:51 <DIR> d-------- c:\program files\Common Files\AnswerWorks 5.0
2009-01-10 11:51 . 2008-11-11 16:32 3,523,872 --a------ c:\windows\system32\cdintf300.dll
2009-01-10 11:51 . 2008-11-11 16:32 1,848,608 --a------ c:\windows\system32\acXMLParser.dll
2009-01-08 01:09 . 2009-01-13 22:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ZumieSearch
2008-12-05 16:34 . 2008-12-05 17:07 <DIR> d-------- c:\documents and settings\Renee\Application Data\Costco Photo Viewer US
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 14:29 --------- d-----w c:\program files\SBC Self Support Tool
2009-01-27 23:18 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 07:29 --------- d-----w c:\program files\DeductionPro 2007
2009-01-27 06:27 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-25 14:33 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-01-17 23:29 --------- d-----w c:\program files\Quicken
2009-01-15 05:27 --------- d-----w c:\program files\ZumieSearch
2009-01-03 16:30 --------- d-----w c:\documents and settings\Emily.GINN\Application Data\alot
2009-01-03 08:43 --------- d-----w c:\documents and settings\Renee\Application Data\Apple Computer
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-03-25 00:53 103,684 ----a-w c:\program files\MsPaint.exe
2008-03-24 22:09 0 ---ha-w c:\program files\hiberfil.sys
2008-03-15 02:38 64 ----a-w c:\program files\2.bat
2008-03-13 10:49 98,566 ----a-w c:\program files\MyPicture.exe
2007-10-15 02:22 79,936 ----a-w c:\documents and settings\Terrie Ginn\Application Data\GDIPFONTCACHEV1.DAT
2007-10-12 08:26 0 ----a-w c:\program files\desktop.ini
2007-09-24 02:04 1,382,792 ----a-w c:\program files\install_easyshare.exe
2007-02-17 17:01 72,576 ----a-w c:\documents and settings\Michael\Application Data\GDIPFONTCACHEV1.DAT
2005-12-10 20:47 1,129 ---ha-w c:\documents and settings\Jeremiah\hpothb07.dat
2005-12-10 20:46 665 ---ha-w c:\documents and settings\Default User\hpothb07.dat
2005-12-10 20:46 665 ---ha-w c:\documents and settings\Administrator\hpothb07.dat
2005-12-10 20:46 164 ---ha-w c:\documents and settings\All Users\hpothb07.dat
2005-12-10 20:46 1,108 ---ha-w c:\documents and settings\Emily\hpothb07.dat
2005-09-18 05:03 661 ---ha-w c:\documents and settings\Terrie Ginn\hpothb07.dat
2004-06-15 17:43 77 ----a-w c:\documents and settings\Jeremiah\ub.dat
2004-05-02 03:49 0 ----a-w c:\documents and settings\Emily\ub.dat
2004-05-02 03:49 0 ----a-w c:\documents and settings\Emily\ad.dat
2004-04-30 20:39 0 ----a-w c:\documents and settings\Jeremiah\ad.dat
2004-04-06 23:50 63,904 ----a-w c:\documents and settings\Jeremiah\Application Data\GDIPFONTCACHEV1.DAT
2008-08-30 23:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083020080831\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-17 177448]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"S3TRAY2"="S3tray2.exe" [2003-02-25 c:\windows\system32\S3tray2.exe]
c:\documents and settings\Jeremiah.GINN\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 338216]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Michael.GINN\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Renee\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2003-07-01 282624]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe [2007-12-06 30720]
officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 147456]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-06-17 217088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2002-04-22 14:49 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-11 04:19 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"EEventManager"=c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
"G2"="c:\program files\GamingSquared\Gaming2\G2.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"SoundMan"=SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-17 161064]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-07-12 24652]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dca87ca-2fa1-11dd-a41f-0040ca43caf1}]
\Shell\AutoRun\command - H:\t.com
\Shell\explore\Command - H:\t.com
\Shell\open\Command - H:\t.com
.
Contents of the 'Scheduled Tasks' folder
2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-01-30 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-01-10 17:02]
2009-01-24 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2009-01-24 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI7677~1\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 10:20:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\WgaTray.exe
c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
.
**************************************************************************
.
Completion time: 2009-01-30 10:26:03 - machine was rebooted [Emily]
ComboFix-quarantined-files.txt 2009-01-30 18:25:59
Pre-Run: 63,238,352,896 bytes free
Post-Run: 67,360,075,776 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
282 --- E O F --- 2009-01-14 11:02:40

Is there anyone here who can tell me what this means and how it can fix the computer from which it came??

Thanks once again for your help and consideration