PC won't access Drive C

Discussion in 'Virus & Other Malware Removal' started by microcomp, Jan 30, 2009.

Thread Status:
Not open for further replies.
  1. microcomp (Thread Starter)

    Joined: Jan 30, 2009
    Messages: 2
    This is the 3rd time I have tried on this PC to post a message here. It seems that every time I open a new window or program while still in this forum, it disappears and I am left with no IE running.

    Quickly before I lose you.

    When I double-click on Drive C under My Computer, it treats it like a file and says "Choose the program you want to use to open this type of file: C\:"
    I then have to browse and find Explorer before I can see the C drive contents.

    Installation of new programs can't seem to find the files to finish and looks for them in the users/documents/tmp directory or something like that.

    My clients say that recently an unvalidated genuine Windows message has started showing up and the computer has started to sloooooow way down - it is a Compaq Presario 6000 and probably needs more memory to start (has 640MB now and is running Windows XP Pro version 2002 #3).

    This is the hijack log which I hope contains some clues to the problems on this machine. Please let me know what you think and what suggestions you might have for making this computer behave better.

    Thanks

    David


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:20:51 PM, on 1/29/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Documents and Settings\All Users.WINDOWS\Application Data\ZumieSearch\zumie172.exe
    C:\WINDOWS\system32\WgaTray.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ZumieSearch\zumie.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\Program Files\GamingSquared\Gaming2\G2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Quicken\bagent.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE
    C:\Palm\HOTSYNC.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    G:\Downloads\HiJackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - (no file)
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON WorkForce 600(Network)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEKA.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKCU"
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
    O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI7677~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI7677~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: ZumieSearch Service - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Application Data\ZumieSearch\zumie172.exe
    --
    End of file - 10036 bytes
     
  2. microcomp (Thread Starter)

    Joined: Jan 30, 2009
    Messages: 2
    While following a fix found in this forum to remove the autorun.inf in the root directories on this computer, I somehow ended up with the ComboFix program and the following file:

    ComboFix 09-01-21.04 - Renee 2009-01-30 8:08:18.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.144 [GMT -8:00]
    Running from: c:\my downloads\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Created a new restore point
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Emily.GINN\Application Data\ShoppingReport
    c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\Config.xml
    c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\db\Aliases.dbs
    c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\db\Sites.dbs
    c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\report\send_storage.xml
    c:\documents and settings\Emily.GINN\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
    c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport
    c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\Config.xml
    c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\db\Aliases.dbs
    c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\db\Sites.dbs
    c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\report\send_storage.xml
    c:\documents and settings\Jeremiah.GINN\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    c:\documents and settings\Michael.GINN\Application Data\ShoppingReport
    c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\Config.xml
    c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\db\Aliases.dbs
    c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\db\Sites.dbs
    c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\report\send_storage.xml
    c:\documents and settings\Michael.GINN\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    c:\documents and settings\Renee\Application Data\ShoppingReport
    c:\documents and settings\Renee\Application Data\ShoppingReport\cs\Config.xml
    c:\documents and settings\Renee\Application Data\ShoppingReport\cs\db\Aliases.dbs
    c:\documents and settings\Renee\Application Data\ShoppingReport\cs\db\Sites.dbs
    c:\documents and settings\Renee\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
    c:\documents and settings\Renee\Application Data\ShoppingReport\cs\report\aggr_storage.xml
    c:\documents and settings\Renee\Application Data\ShoppingReport\cs\report\send_storage.xml
    c:\documents and settings\Renee\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
    c:\program files\ShoppingReport
    c:\program files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
    c:\program files\ShoppingReport\Uninst.exe
    c:\program files\winrar\2.bat
    G:\Autorun.inf
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_ZUMIESEARCH_SERVICE
    -------\Service_ZumieSearch Service

    ((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
    .
    2009-01-30 10:16 . 2009-01-30 10:16 <DIR> d-------- c:\documents and settings\Emily.GINN\Application Data\ArcSoft
    2009-01-29 23:28 . 2009-01-29 23:28 <DIR> d-------- c:\documents and settings\Renee\DoctorWeb
    2009-01-29 23:25 . 2009-01-29 23:27 592 --a------ c:\windows\chgkey.vbs
    2009-01-29 21:43 . 2009-01-29 21:43 <DIR> d-------- c:\documents and settings\Renee\Application Data\GlarySoft
    2009-01-29 21:39 . 2009-01-29 21:39 <DIR> d-------- c:\program files\Glary Utilities
    2009-01-27 09:35 . 2009-01-27 09:35 <DIR> d-------- c:\program files\Seagate
    2009-01-27 09:35 . 2009-01-27 09:35 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Seagate
    2009-01-26 23:55 . 2009-01-26 23:55 0 --a------ c:\windows\EEventManager.INI
    2009-01-26 23:26 . 2009-01-26 23:26 <DIR> d-------- c:\documents and settings\Renee\Application Data\TaxCut
    2009-01-26 23:14 . 2009-01-26 23:43 <DIR> d-------- c:\documents and settings\Renee\Application Data\EPSON
    2009-01-26 22:48 . 2009-01-26 22:48 <DIR> d-------- c:\documents and settings\Renee\Application Data\Leadertech
    2009-01-26 22:41 . 2009-01-26 22:41 <DIR> d-------- c:\program files\Common Files\EPSON
    2009-01-26 22:41 . 2007-09-07 17:33 135,168 --a------ c:\windows\system32\EEBAPI.dll
    2009-01-26 22:41 . 2007-09-26 03:08 112,640 --a------ c:\windows\system32\E_ADDNET.EXE
    2009-01-26 22:41 . 2006-12-19 18:31 110,592 --a------ c:\windows\system32\EEBDSCVR.dll
    2009-01-26 22:41 . 2006-12-19 18:20 77,824 --a------ c:\windows\system32\EBAPI.dll
    2009-01-26 22:41 . 2007-03-28 18:26 65,536 --a------ c:\windows\system32\EEBUtil.dll
    2009-01-26 22:41 . 2003-12-17 01:01 55,808 --a------ c:\windows\system32\EEBSDKIF.dll
    2009-01-26 22:41 . 2008-03-30 06:03 1,120 --a------ c:\windows\system32\E_ADDNET.DAT
    2009-01-26 22:40 . 2008-07-15 17:32 474,892 --a------ c:\windows\system32\ensppmon.dll
    2009-01-26 22:40 . 2008-07-15 17:32 474,892 --a------ c:\windows\system32\enppmon.dll
    2009-01-26 22:40 . 2008-07-15 17:33 457,611 --a------ c:\windows\system32\ensppui.dll
    2009-01-26 22:40 . 2008-07-15 17:33 457,611 --a------ c:\windows\system32\enppui.dll
    2009-01-26 22:40 . 2008-06-18 11:49 249,344 --a------ c:\windows\system32\enspres.dll
    2009-01-26 22:40 . 2008-06-18 11:49 249,344 --a------ c:\windows\system32\enpres.dll
    2009-01-26 22:30 . 2009-01-27 08:01 <DIR> d-------- c:\program files\ABBYY FineReader 6.0 Sprint
    2009-01-26 22:29 . 2009-01-29 19:47 <DIR> d-------- c:\documents and settings\Renee\Application Data\Arcsoft
    2009-01-26 22:29 . 2009-01-30 10:16 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ArcSoft
    2009-01-26 22:28 . 2009-01-27 15:12 <DIR> d-------- c:\program files\Common Files\ArcSoft
    2009-01-26 22:28 . 2009-01-27 15:18 <DIR> d-------- c:\program files\ArcSoft
    2009-01-26 22:26 . 2009-01-26 22:26 <DIR> d-------- c:\program files\Epson Software
    2009-01-26 22:25 . 2009-01-29 22:01 <DIR> d-------- c:\program files\EpsonNet
    2009-01-26 22:24 . 2009-01-26 22:24 <DIR> d-------- c:\documents and settings\Renee\Application Data\InstallShield
    2009-01-26 22:24 . 2009-01-26 22:41 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\EPSON
    2009-01-26 22:23 . 2009-01-26 22:47 <DIR> d-------- c:\program files\epson
    2009-01-26 22:23 . 2007-07-13 00:00 71,680 --a------ c:\windows\system32\escwiad.dll
    2009-01-26 22:23 . 2006-08-24 02:00 9,216 --a------ c:\windows\system32\escdev.dll
    2009-01-26 22:22 . 2009-01-26 22:48 79 --a------ c:\windows\EPWF600.ini
    2009-01-26 21:48 . 2008-06-18 07:49 49,904 -ra------ c:\windows\system32\drivers\BVRPMPR5.SYS
    2009-01-26 21:47 . 2009-01-26 22:10 <DIR> d-------- C:\Netgear
    2009-01-23 16:34 . 2009-01-23 16:34 <DIR> d-------- c:\documents and settings\LocalService.NT AUTHORITY\Application Data\SACore
    2009-01-23 16:25 . 2009-01-23 16:25 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\SiteAdvisor
    2009-01-23 16:25 . 2009-01-30 08:37 11,137 --a------ c:\windows\system32\Config.MPF
    2009-01-23 16:18 . 2007-11-22 06:44 201,320 --a------ c:\windows\system32\drivers\mfehidk.sys
    2009-01-23 16:18 . 2007-07-13 06:20 113,952 --a------ c:\windows\system32\drivers\Mpfp.sys
    2009-01-23 16:18 . 2007-11-22 06:44 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys
    2009-01-23 16:18 . 2007-12-02 12:51 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
    2009-01-23 16:18 . 2007-11-22 06:44 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
    2009-01-23 16:18 . 2007-11-22 06:44 33,832 --a------ c:\windows\system32\drivers\mferkdk.sys
    2009-01-23 16:17 . 2009-01-23 16:17 <DIR> d-------- c:\program files\McAfee.com
    2009-01-23 16:17 . 2009-01-23 16:18 <DIR> d-------- c:\program files\Common Files\McAfee
    2009-01-23 16:16 . 2009-01-25 06:09 <DIR> d-------- c:\program files\McAfee
    2009-01-23 16:04 . 2009-01-23 16:25 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\McAfee
    2009-01-21 14:38 . 2009-01-21 14:38 0 --ah----- c:\documents and settings\Michael.GINN\hpothb07.dat
    2009-01-21 14:37 . 2009-01-21 14:37 816 --ah----- c:\documents and settings\Michael\hpothb07.dat
    2009-01-17 12:40 . 2009-01-17 12:40 <DIR> d-------- c:\documents and settings\Michael.GINN\Application Data\Hewlett-Packard
    2009-01-10 11:51 . 2009-01-10 11:51 <DIR> d-------- c:\program files\Common Files\AnswerWorks 5.0
    2009-01-10 11:51 . 2008-11-11 16:32 3,523,872 --a------ c:\windows\system32\cdintf300.dll
    2009-01-10 11:51 . 2008-11-11 16:32 1,848,608 --a------ c:\windows\system32\acXMLParser.dll
    2009-01-08 01:09 . 2009-01-13 22:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ZumieSearch
    2008-12-05 16:34 . 2008-12-05 17:07 <DIR> d-------- c:\documents and settings\Renee\Application Data\Costco Photo Viewer US
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-30 14:29 --------- d-----w c:\program files\SBC Self Support Tool
    2009-01-27 23:18 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-01-27 07:29 --------- d-----w c:\program files\DeductionPro 2007
    2009-01-27 06:27 --------- d-----w c:\program files\Common Files\InstallShield
    2009-01-25 14:33 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
    2009-01-17 23:29 --------- d-----w c:\program files\Quicken
    2009-01-15 05:27 --------- d-----w c:\program files\ZumieSearch
    2009-01-03 16:30 --------- d-----w c:\documents and settings\Emily.GINN\Application Data\alot
    2009-01-03 08:43 --------- d-----w c:\documents and settings\Renee\Application Data\Apple Computer
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-03-25 00:53 103,684 ----a-w c:\program files\MsPaint.exe
    2008-03-24 22:09 0 ---ha-w c:\program files\hiberfil.sys
    2008-03-15 02:38 64 ----a-w c:\program files\2.bat
    2008-03-13 10:49 98,566 ----a-w c:\program files\MyPicture.exe
    2007-10-15 02:22 79,936 ----a-w c:\documents and settings\Terrie Ginn\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-12 08:26 0 ----a-w c:\program files\desktop.ini
    2007-09-24 02:04 1,382,792 ----a-w c:\program files\install_easyshare.exe
    2007-02-17 17:01 72,576 ----a-w c:\documents and settings\Michael\Application Data\GDIPFONTCACHEV1.DAT
    2005-12-10 20:47 1,129 ---ha-w c:\documents and settings\Jeremiah\hpothb07.dat
    2005-12-10 20:46 665 ---ha-w c:\documents and settings\Default User\hpothb07.dat
    2005-12-10 20:46 665 ---ha-w c:\documents and settings\Administrator\hpothb07.dat
    2005-12-10 20:46 164 ---ha-w c:\documents and settings\All Users\hpothb07.dat
    2005-12-10 20:46 1,108 ---ha-w c:\documents and settings\Emily\hpothb07.dat
    2005-09-18 05:03 661 ---ha-w c:\documents and settings\Terrie Ginn\hpothb07.dat
    2004-06-15 17:43 77 ----a-w c:\documents and settings\Jeremiah\ub.dat
    2004-05-02 03:49 0 ----a-w c:\documents and settings\Emily\ub.dat
    2004-05-02 03:49 0 ----a-w c:\documents and settings\Emily\ad.dat
    2004-04-30 20:39 0 ----a-w c:\documents and settings\Jeremiah\ad.dat
    2004-04-06 23:50 63,904 ----a-w c:\documents and settings\Jeremiah\Application Data\GDIPFONTCACHEV1.DAT
    2008-08-30 23:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083020080831\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-15 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2007-11-30 1164576]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-07-17 177448]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
    "S3TRAY2"="S3tray2.exe" [2003-02-25 c:\windows\system32\S3tray2.exe]
    c:\documents and settings\Jeremiah.GINN\Start Menu\Programs\Startup\
    Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2006-10-27 338216]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    c:\documents and settings\Michael.GINN\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    c:\documents and settings\Renee\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\palm\HOTSYNC.EXE [2003-07-01 282624]
    hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-09 28672]
    Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe [2007-12-06 30720]
    officejet 6100.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-11 147456]
    SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-06-17 217088]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.ctmp3"= c:\windows\system32\ctmp3.acm
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
    backup=c:\windows\pss\hp psc 2000 Series.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
    path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\hpoddt01.exe.lnk
    backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    --a------ 2002-04-22 14:49 188416 c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
    --a------ 2002-04-11 04:19 69632 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "EEventManager"=c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
    "G2"="c:\program files\GamingSquared\Gaming2\G2.exe"
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "SoundMan"=SOUNDMAN.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "AntiVirusOverride"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-07-17 161064]
    R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-07-12 24652]
    S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-23 203280]
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3dca87ca-2fa1-11dd-a41f-0040ca43caf1}]
    \Shell\AutoRun\command - H:\t.com
    \Shell\explore\Command - H:\t.com
    \Shell\open\Command - H:\t.com
    .
    Contents of the 'Scheduled Tasks' folder
    2009-01-27 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    2009-01-30 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-01-10 17:02]
    2009-01-24 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
    2009-01-24 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI7677~1\OFFICE11\EXCEL.EXE/3000
    .
    **************************************************************************
    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-30 10:20:21
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\EPSON\EBAPI\eEBSvc.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\McAfee\MPF\MpfSrv.exe
    c:\windows\system32\WgaTray.exe
    c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\SBC Self Support Tool\bin\mpbtn.exe
    c:\progra~1\McAfee\MSC\mcuimgr.exe
    c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\McAfee.com\Agent\mcagent.exe
    c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
    .
    **************************************************************************
    .
    Completion time: 2009-01-30 10:26:03 - machine was rebooted [Emily]
    ComboFix-quarantined-files.txt 2009-01-30 18:25:59
    Pre-Run: 63,238,352,896 bytes free
    Post-Run: 67,360,075,776 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    282 --- E O F --- 2009-01-14 11:02:40

    Is there anyone here who can tell me what this means and how it can fix the computer from which it came??

    Thanks once again for your help and consideration.
     

Short URL to this thread: https://techguy.org/795876