
My Problems



#1
munkishinz

Here is my link Mr. Admin told me to put


http://www.geekstogo...ml#entry1787364

I have downloaded oldtimer and ran it and it found like 52 errors and it fixed them
I downloaded ERUNT, started "running" it and it started on the 2nd part "RUN" but it quit and gave me an error message...."Setup was unable to create the directory "C:\DOCUME~1\MATT~2.MAT\LOCALS~1\Temp\is.G8LTE.tmp".
Error 5: Access is denied.

Edited by JSntgRvr, 19 March 2010 - 06:09 PM.
Fixed Link


#2
RKinner

    Malware Expert

Can you get an OTL log (Step 5 in http://www.geekstogo...ide-t2852.html)? If so, copy it by highlighting the text of the log and pressing Ctrl+C, then move to a reply and paste it with Ctrl+V.

Ron

#3
munkishinz

I copied it now it won't paste. :) When I ran Oldtimer on my computer after I clicked "run" from that point on it did everything all by itself. It finished and rebooted by itself. I didn't get a chance to click anywhere or choose anything. :)

#4
munkishinz

The other tech said we need to clean it first to get rid of any infections. I have all the disks to re-do it I think.
I have these CDs
HP Driver Recovery CD
MS Windows XP Home SP1a Operating System CD
HP Compaq Documentation Library
Roxio Easy CD & DVD Creator 6- Basic Edition
Norton Antivirus
MS Works & Money
MicroWebcam Mobile Installation CD
Just asking

#5
RKinner

    Malware Expert

Download but do not yet run ComboFix.
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.

* Important: Have no other programs running. Your Task Bar should be clear of any program entries, including your browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

#6
munkishinz

I think I got it done. It had problems at first, then it sort of fixed itself. AWESOME!! :) Then it rebooted itself, and made its own little text document. The information you asked me for is this:

ComboFix 10-03-19.08 - Matt 03/20/2010 11:39:24.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.718 [GMT -5:00]
Running from: C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Desktop\George.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\FunWebProducts
C:\Program Files\WinPCap
C:\Program Files\WinPCap\daemon_mgm.exe
C:\Program Files\WinPCap\INSTALL.LOG
C:\Program Files\WinPCap\npf_mgm.exe
C:\Program Files\WinPCap\rpcapd.exe
C:\Program Files\WinPCap\Uninstall.exe
C:\RECYCLER\S-1-5-21-1547161642-1580436667-839522115-1003
C:\RECYCLER\S-1-5-21-1547161642-436374069-1343024091-1004
C:\RECYCLER\S-1-5-21-1734124108-3128712353-3510058824-1007
C:\RECYCLER\S-1-5-21-4015289718-3951579582-1720390093-1003
C:\WINDOWS\BM14fdc466.txt
C:\WINDOWS\BM14fdc466.xml
C:\WINDOWS\Downloaded Program Files\poPCaploader.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-19 16:41:51 . 2010-03-19 16:45:44 -------- d-----w- C:\WINDOWS\system32\NtmsData
2010-03-19 03:35:23 . 2010-03-19 03:35:23 -------- d-----w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Local Settings\Application Data\Yahoo
2010-03-19 03:35:01 . 2010-03-19 03:37:53 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2010-03-19 03:34:59 . 2010-03-19 03:34:59 -------- d-----w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Application Data\Yahoo!
2010-03-18 23:51:08 . 2010-03-18 23:51:19 207952 ----a-w- C:\uninstall_flash_player.exe
2010-03-18 23:30:39 . 2010-03-18 23:30:39 52224 ----a-w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-18 23:29:57 . 2010-03-18 23:29:57 117760 ----a-w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-18 22:49:27 . 2010-03-18 22:49:38 791393 ----a-w- C:\ERUNT.exe
2010-03-18 22:24:55 . 2010-03-18 22:25:11 444416 ----a-w- C:\TempFileC.exe
2010-03-17 00:55:49 . 2010-03-17 00:57:25 27386256 ----a-w- C:\AdbeRdr930_en_US.exe
2010-03-16 02:00:40 . 2010-03-16 02:00:49 4004936 ----a-w- C:\registrybooster.exe
2010-03-16 01:54:28 . 2010-03-16 01:54:40 5153344 ----a-w- C:\ARO2010_mt.exe
2010-03-16 00:20:28 . 2010-03-16 00:20:35 9732720 ----a-w- C:\Program Files\rminstall.exe
2010-03-12 21:36:42 . 2009-10-23 15:28:37 3558912 -c----w- C:\WINDOWS\system32\dllcache\moviemk.exe
2010-03-09 21:13:01 . 2003-03-09 20:31:02 94208 ----a-r- C:\WINDOWS\system32\HPZipt12.dll
2010-03-09 21:13:00 . 2003-03-09 20:31:02 65795 ----a-r- C:\WINDOWS\system32\HPZipm12.exe
2010-03-09 21:13:00 . 2003-03-09 20:31:02 61699 ----a-r- C:\WINDOWS\system32\HPZinw12.exe
2010-03-09 21:13:00 . 2003-03-09 20:31:02 57344 ----a-r- C:\WINDOWS\system32\HPZisn12.dll
2010-03-09 21:13:00 . 2003-03-09 20:31:02 167936 ----a-r- C:\WINDOWS\system32\HPZipr12.dll
2010-03-09 21:13:00 . 2003-03-09 20:31:00 233528 ----a-r- C:\WINDOWS\system32\HPZidr12.dll
2010-03-09 21:12:59 . 2003-03-09 20:31:02 16080 ----a-r- C:\WINDOWS\system32\drivers\HPZipr12.sys
2010-03-09 21:12:55 . 2003-03-09 20:31:00 51024 ----a-r- C:\WINDOWS\system32\drivers\hpzid412.sys
2010-03-09 20:00:45 . 2003-03-09 20:31:02 21456 ----a-r- C:\WINDOWS\system32\drivers\HPZius12.sys
2010-03-09 19:59:00 . 2003-03-09 20:30:42 237568 ----a-r- C:\WINDOWS\system32\HPZc3212.dll
2010-03-09 19:58:59 . 2003-03-09 20:31:04 81920 ----a-r- C:\WINDOWS\system32\hpovst08.dll
2010-03-09 19:58:58 . 2003-03-09 20:31:04 561152 ----a-r- C:\WINDOWS\system32\hpotscl.dll
2010-03-09 19:58:53 . 2003-03-09 20:31:04 274432 ----a-r- C:\WINDOWS\system32\hpgwiamd.dll
2010-03-01 02:38:07 . 2010-03-04 17:14:44 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC
2010-03-01 02:38:06 . 2010-03-04 17:14:44 -------- d-----w- C:\Program Files\SpeedyPC
2010-02-28 13:04:19 . 2010-02-28 13:04:19 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2010-02-28 13:04:00 . 2010-02-28 13:05:26 -------- d-----w- C:\Program Files\Common Files\Motive
2010-02-28 13:03:46 . 2010-03-01 18:22:16 -------- d-----w- C:\Program Files\ATT-PRT22-WISE
2010-02-28 13:03:43 . 2010-02-28 13:03:43 -------- d-----w- C:\Program Files\ATT
2010-02-27 04:05:40 . 2010-02-27 04:05:40 -------- d-----w- C:\Program Files\SBC Yahoo!
2010-02-26 20:57:38 . 1998-09-01 09:00:00 24576 ----a-w- C:\WINDOWS\system32\LFBMP70N.DLL
2010-02-26 20:57:38 . 1998-09-01 09:00:00 224768 ----a-w- C:\WINDOWS\system32\LFCMP70N.DLL
2010-02-26 20:57:31 . 2010-02-26 20:57:31 -------- d-----w- C:\Program Files\CreataCard
2010-02-26 20:57:31 . 1998-09-01 08:27:06 182784 ----a-w- C:\WINDOWS\Mgxclean.exe
2010-02-24 04:05:55 . 2010-03-12 21:48:19 -------- d--h--w- C:\WINDOWS\$hf_mig$
2010-02-20 00:51:51 . 2010-02-20 00:51:51 2932 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 03:35:04 . 2010-01-17 23:29:45 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2010-03-19 03:35:04 . 2004-02-19 06:01:51 -------- d-----w- C:\Program Files\Yahoo!
2010-03-19 00:15:40 . 2009-12-30 23:52:14 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
2010-03-19 00:14:10 . 2003-10-11 15:03:59 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-03-17 05:41:09 . 2008-02-20 23:46:26 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-03-16 01:12:24 . 2009-11-01 16:30:54 -------- d-----w- C:\Program Files\Trend Micro
2010-03-13 13:02:10 . 2009-11-01 16:07:46 125992 ----a-w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-08 04:38:05 . 2003-10-11 14:30:35 -------- d-----w- C:\Program Files\Java
2010-03-02 04:20:12 . 2010-02-05 20:21:31 99572 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
2010-02-21 22:02:50 . 2010-01-17 23:23:24 -------- d-----w- C:\Program Files\Oberon Media
2010-02-14 02:17:59 . 2006-12-25 19:01:58 -------- d-----w- C:\Program Files\MP3 Player Utilities 3(2).13
2010-02-13 02:56:35 . 2010-02-13 02:56:35 117760 ----a-w- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-13 02:56:00 . 2010-02-13 02:56:00 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-02-13 00:41:55 . 2010-02-13 00:41:55 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-02-13 00:41:45 . 2010-02-13 00:41:41 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-02-13 00:41:40 . 2010-02-13 00:41:40 -------- d-----w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Application Data\SUPERAntiSpyware.com
2010-02-13 00:41:11 . 2010-02-13 00:41:11 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-08 21:11:38 . 2010-02-08 21:10:14 225280 ----a-w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$Staging\What the...\start.exe
2010-02-06 02:07:45 . 2010-02-06 02:07:45 114688 ----a-w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.0.30.1.dll
2010-02-06 02:07:44 . 2010-02-05 21:41:01 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak
2010-02-05 19:58:35 . 2009-01-20 01:41:00 -------- d-----w- C:\Program Files\Picasa2
2010-02-05 16:27:11 . 2009-06-20 00:40:44 -------- d-----w- C:\Program Files\Bonjour
2010-02-02 23:31:18 . 2010-02-02 23:31:18 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\AGI
2010-01-23 00:24:37 . 2010-01-17 23:24:07 -------- d-----w- C:\Program Files\Yahoo! Games
2010-01-22 19:21:57 . 2004-02-21 13:25:42 -------- d-----w- C:\Program Files\Quicken
2010-01-21 18:10:33 . 2008-06-04 20:08:07 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-01-20 05:08:10 . 2010-01-20 04:05:35 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpinTop
2010-01-20 05:06:58 . 2008-03-09 19:21:12 -------- d---a-w- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-01-14 03:07:42 . 2004-07-01 07:39:58 76487 ----a-w- C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-31 16:50:03 . 2009-11-02 16:38:04 353792 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2009-12-31 16:24:39 . 2009-11-01 22:31:12 132 ----a-w- C:\WINDOWS\system32\rezumatenoi.dat
2009-12-21 19:14:05 . 2004-08-23 10:32:02 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 01:14:18 39408]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 13:56:02 2002160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 00:40:08 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 00:38:54 688218]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 03:00:00 335872]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-07-17 19:50:26 184412]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 13:26:10 45056]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 01:44:50 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-19 00:23:22 868352]
"CARPService"="carpserv.exe" [2003-05-21 20:35:50 4608]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-10-03 19:10:44 106496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 17:44:34 31072]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-01 15:28:16 30192]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 04:16:38 39792]

C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 15:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12:28 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\XLink Kai Evo7\\KaiLaunch.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=
"C:\\Program Files\\HPQ\\Notebook Utilities\\HPWirelessCfg.exe"=

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 8:56:04 AM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56:02 AM 74480]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [10/11/2003 9:29:50 AM 291328]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [10/11/2003 9:29:50 AM 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\drivers\DP83815.sys [7/16/2003 9:01:02 PM 28280]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56:06 AM 7408]
S2 gupdate1c97aa2610d3cc0;Google Update Service (gupdate1c97aa2610d3cc0);C:\Program Files\Google\Update\GoogleUpdate.exe [1/19/2009 8:56:50 PM 133104]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1/19/2009 8:36:35 PM 30192]
S3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys --> C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [?]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys --> C:\WINDOWS\system32\drivers\UsbMicfilt.sys [?]
S3 ZSMC302;PC CAM 300A;C:\WINDOWS\system32\Drivers\usbvm302.sys --> C:\WINDOWS\system32\Drivers\usbvm302.sys [?]
S4 drmkaudd;drmkaudd; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-03-20 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-01-20 01:56:50 . 2009-06-01 16:58:34]

2010-03-20 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-01-20 01:56:50 . 2009-06-01 16:58:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.yahoo.com/
mStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = dormproxy:80
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
Notify-byXrPhee - (no file)
MSConfigStartUp-BDAgent - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
MSConfigStartUp-BitDefender Antiphishing Helper - C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe
AddRemove-WinPcapInst - C:\Program Files\WinPcap\Uninstall.exe
AddRemove-ZH Reborn V5.0 The Last Stand - C:\Program Files\EA Games\Command & Conquer Generals Zero Hour\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 11:51:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?3?7?0??????? ?deB???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaudd]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-764733703-1060284298-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(788)
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\WINDOWS\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3988)
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-20 11:57:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 16:57:21

Pre-Run: 42,962,776,064 bytes free
Post-Run: 42,862,891,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - AD1CAC3498C5E147B3619D264ED8E6C4


That's all. It and you guys (techs) are so [bleep] cool! I'm so proud to even "talk" to you. Now what else? While I was on C looking at things, I saw several 'txt' documents and while I don't know, it looks like someone has previously done something like combo fix and stored the information in a folder there. I don't need most of Matt's stuff....pics, music, spreadsheets. How do we get rid of that stuff? I also was so ashamed when combofix was working because I saw all the trash and crap I put on the computer by going to these game places. Is there no safe place to go play or look at travels or anything anymore? I still am not sure I have all the "settings-security" done correctly. This whole experience just blows me away.

#7
RKinner

    Malware Expert

Very good. Just a few cleanup items.

Copy all of the text between the stars to the clipboard by highlighting it and then pressing Ctrl+C.
*******************************************************
KILLALL::

File::
C:\registrybooster.exe
C:\ARO2010_mt.exe
C:\Program Files\rminstall.exe

Folder::
C:\Program Files\Trend Micro
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\SpeedyPC

Driver::
TMPassthruMP
Vimicro
drmkaudd



******************************************************

Open Notepad (Start, Run, notepad, OK) and then paste the text with Ctrl+V. File, Save As (to your desktop) CFScript, OK

Now close everything including this browser, pause or turn off your antivirus and drag CFScript.txt over to combofix (george) and let go. Combofix should start normally.

I'll want to see the log as before.

You do not have an active antivirus so let's get you a free one. Go to:

http://www.avast.com...avast-home.html

Download and SAVE (to your desktop) the free version of avast for home users. Then double click to run it. Accept the defaults. Don't let it talk you into a trial of the professional version.

You will need to register but it's free. (I'll tell you how to do it later.) Once you install, it will want to reboot and it will ask you if it should do a bootscan. You can let it do the bootscan but it will take hours and you will need to check back once in a while. Once you reboot, the scan will start and you won't be able to use the PC until it finishes. If you don't want to do the bootscan you can tell it no. It will still want to reboot.

I am having Combofix kill off your registry boosters and speedypc. These things serve no real purpose and can cause major problems.

Ron

PS You have my number in a reply to your PM so you can call me if you get lost.

#8
munkishinz

So I did what you said. I never get the combofix.txt document on my c drive where it says it will be, I always have to do a "search for file" and enter the name & info & then the search brings up a document in George. I guess that's the reason you had me create George huh? :) :) So here is the information you requested....

ComboFix 10-03-19.08 - Matt 03/20/2010 14:16:20.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.715 [GMT -5:00]
Running from: C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Desktop\George.exe
Command switches used :: C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Desktop\CFScript.txt
* Resident AV is active


FILE ::
"C:\ARO2010_mt.exe"
"C:\Program Files\rminstall.exe"
"C:\registrybooster.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ARO2010_mt.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\00000082\000000fb\000002c4\cltLMS1.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\00000082\000000fb\000002c4\cltLMS2.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\00000082\000000fb\cltupgrade.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\00000082\000000fb\key.txt
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\00000082\000000fc\000002d3\cltLMS1.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\00000082\000000fc\000002d3\cltLMS2.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\00000082\000000fc\cltupgrade.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\00000082\00000107\000003cc\cltLMS1.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\00000082\00000107\000003cc\cltLMS2.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\00000082\00000107\cltupgrade.dat
C:\Documents and Settings\All Users.WINDOWS\Application Data\Norton\symdata.xml
C:\Program Files\Common Files\Symantec Shared
C:\Program Files\Common Files\Symantec Shared\ccAlert.dll
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccEmlPxy.dll
C:\Program Files\Common Files\Symantec Shared\ccErrDsp.dll
C:\Program Files\Common Files\Symantec Shared\ccInst.dll
C:\Program Files\Common Files\Symantec Shared\ccL40.dll
C:\Program Files\Common Files\Symantec Shared\ccLgView.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
C:\Program Files\Common Files\Symantec Shared\ccProd.dll
C:\Program Files\Common Files\Symantec Shared\ccProSub.dll
C:\Program Files\Common Files\Symantec Shared\CCPWD.DLL
C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
C:\Program Files\Common Files\Symantec Shared\ccSet.dll
C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
C:\Program Files\Common Files\Symantec Shared\ccWebWnd.dll
C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe
C:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll
C:\Program Files\Common Files\Symantec Shared\DJSAlert.dll
C:\Program Files\Common Files\Symantec Shared\drWebWnd.dll
C:\Program Files\Common Files\Symantec Shared\Help\basics.chm
C:\Program Files\Common Files\Symantec Shared\Help\basics.dll
C:\Program Files\Common Files\Symantec Shared\Help\disable.chm
C:\Program Files\Common Files\Symantec Shared\Help\disable.dll
C:\Program Files\Common Files\Symantec Shared\Help\edisk.chm
C:\Program Files\Common Files\Symantec Shared\Help\edisk.dll
C:\Program Files\Common Files\Symantec Shared\Help\emerg.chm
C:\Program Files\Common Files\Symantec Shared\Help\emerg.dll
C:\Program Files\Common Files\Symantec Shared\Help\FAQ.chm
C:\Program Files\Common Files\Symantec Shared\Help\faq.dll
C:\Program Files\Common Files\Symantec Shared\Help\feat_sum.chm
C:\Program Files\Common Files\Symantec Shared\Help\feat_sum.dll
C:\Program Files\Common Files\Symantec Shared\Help\getstart.chm
C:\Program Files\Common Files\Symantec Shared\Help\getstart.dll
C:\Program Files\Common Files\Symantec Shared\Help\LU_PC.chm
C:\Program Files\Common Files\Symantec Shared\Help\LU_PC.dll
C:\Program Files\Common Files\Symantec Shared\Help\LU_sub.chm
C:\Program Files\Common Files\Symantec Shared\Help\LU_sub.chw
C:\Program Files\Common Files\Symantec Shared\Help\LU_Sub.dll
.
---- Previous Run -------
.
C:\Program Files\WinPCap\daemon_mgm.exe
C:\Program Files\WinPCap\INSTALL.LOG
C:\Program Files\WinPCap\npf_mgm.exe
C:\Program Files\WinPCap\rpcapd.exe
C:\Program Files\WinPCap\Uninstall.exe
C:\WINDOWS\BM14fdc466.txt
C:\WINDOWS\BM14fdc466.xml
C:\WINDOWS\Downloaded Program Files\poPCaploader.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\Thumbs.db
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Legacy_DRMKAUDD
-------\Service_drmkaudd
-------\Service_TMPassthruMP


((((((((((((((((((((((((( Files Created from 2010-02-20 to 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-19 16:41:51 . 2010-03-19 16:45:44 -------- d-----w- C:\WINDOWS\system32\NtmsData
2010-03-19 03:35:23 . 2010-03-19 03:35:23 -------- d-----w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Local Settings\Application Data\Yahoo
2010-03-19 03:35:01 . 2010-03-19 03:37:53 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2010-03-19 03:34:59 . 2010-03-19 03:34:59 -------- d-----w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Application Data\Yahoo!
2010-03-18 23:51:08 . 2010-03-18 23:51:19 207952 ----a-w- C:\uninstall_flash_player.exe
2010-03-18 23:30:39 . 2010-03-18 23:30:39 52224 ----a-w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-18 23:29:57 . 2010-03-18 23:29:57 117760 ----a-w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-18 22:49:27 . 2010-03-18 22:49:38 791393 ----a-w- C:\ERUNT.exe
2010-03-18 22:24:55 . 2010-03-18 22:25:11 444416 ----a-w- C:\TempFileC.exe
2010-03-17 00:55:49 . 2010-03-17 00:57:25 27386256 ----a-w- C:\AdbeRdr930_en_US.exe
2010-03-12 21:36:42 . 2009-10-23 15:28:37 3558912 -c----w- C:\WINDOWS\system32\dllcache\moviemk.exe
2010-03-09 21:13:01 . 2003-03-09 20:31:02 94208 ----a-r- C:\WINDOWS\system32\HPZipt12.dll
2010-03-09 21:13:00 . 2003-03-09 20:31:02 65795 ----a-r- C:\WINDOWS\system32\HPZipm12.exe
2010-03-09 21:13:00 . 2003-03-09 20:31:02 61699 ----a-r- C:\WINDOWS\system32\HPZinw12.exe
2010-03-09 21:13:00 . 2003-03-09 20:31:02 57344 ----a-r- C:\WINDOWS\system32\HPZisn12.dll
2010-03-09 21:13:00 . 2003-03-09 20:31:02 167936 ----a-r- C:\WINDOWS\system32\HPZipr12.dll
2010-03-09 21:13:00 . 2003-03-09 20:31:00 233528 ----a-r- C:\WINDOWS\system32\HPZidr12.dll
2010-03-09 21:12:59 . 2003-03-09 20:31:02 16080 ----a-r- C:\WINDOWS\system32\drivers\HPZipr12.sys
2010-03-09 21:12:55 . 2003-03-09 20:31:00 51024 ----a-r- C:\WINDOWS\system32\drivers\hpzid412.sys
2010-03-09 20:00:45 . 2003-03-09 20:31:02 21456 ----a-r- C:\WINDOWS\system32\drivers\HPZius12.sys
2010-03-09 19:59:00 . 2003-03-09 20:30:42 237568 ----a-r- C:\WINDOWS\system32\HPZc3212.dll
2010-03-09 19:58:59 . 2003-03-09 20:31:04 81920 ----a-r- C:\WINDOWS\system32\hpovst08.dll
2010-03-09 19:58:58 . 2003-03-09 20:31:04 561152 ----a-r- C:\WINDOWS\system32\hpotscl.dll
2010-03-09 19:58:53 . 2003-03-09 20:31:04 274432 ----a-r- C:\WINDOWS\system32\hpgwiamd.dll
2010-03-01 02:38:07 . 2010-03-04 17:14:44 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpeedyPC
2010-02-28 13:04:19 . 2010-02-28 13:04:19 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2010-02-28 13:04:00 . 2010-02-28 13:05:26 -------- d-----w- C:\Program Files\Common Files\Motive
2010-02-28 13:03:46 . 2010-03-01 18:22:16 -------- d-----w- C:\Program Files\ATT-PRT22-WISE
2010-02-28 13:03:43 . 2010-02-28 13:03:43 -------- d-----w- C:\Program Files\ATT
2010-02-27 04:05:40 . 2010-02-27 04:05:40 -------- d-----w- C:\Program Files\SBC Yahoo!
2010-02-26 20:57:38 . 1998-09-01 09:00:00 24576 ----a-w- C:\WINDOWS\system32\LFBMP70N.DLL
2010-02-26 20:57:38 . 1998-09-01 09:00:00 224768 ----a-w- C:\WINDOWS\system32\LFCMP70N.DLL
2010-02-26 20:57:31 . 2010-02-26 20:57:31 -------- d-----w- C:\Program Files\CreataCard
2010-02-26 20:57:31 . 1998-09-01 08:27:06 182784 ----a-w- C:\WINDOWS\Mgxclean.exe
2010-02-24 04:05:55 . 2010-03-12 21:48:19 -------- d--h--w- C:\WINDOWS\$hf_mig$
2010-02-20 00:51:51 . 2010-02-20 00:51:51 2932 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 03:35:04 . 2010-01-17 23:29:45 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2010-03-19 03:35:04 . 2004-02-19 06:01:51 -------- d-----w- C:\Program Files\Yahoo!
2010-03-17 05:41:09 . 2008-02-20 23:46:26 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-03-13 13:02:10 . 2009-11-01 16:07:46 125992 ----a-w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-08 04:38:05 . 2003-10-11 14:30:35 -------- d-----w- C:\Program Files\Java
2010-03-02 04:20:12 . 2010-02-05 20:21:31 99572 ---ha-w- C:\WINDOWS\system32\mlfcache.dat
2010-02-21 22:02:50 . 2010-01-17 23:23:24 -------- d-----w- C:\Program Files\Oberon Media
2010-02-14 02:17:59 . 2006-12-25 19:01:58 -------- d-----w- C:\Program Files\MP3 Player Utilities 3(2).13
2010-02-13 02:56:35 . 2010-02-13 02:56:35 117760 ----a-w- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-13 02:56:00 . 2010-02-13 02:56:00 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-02-13 00:41:55 . 2010-02-13 00:41:55 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-02-13 00:41:45 . 2010-02-13 00:41:41 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2010-02-13 00:41:40 . 2010-02-13 00:41:40 -------- d-----w- C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Application Data\SUPERAntiSpyware.com
2010-02-13 00:41:11 . 2010-02-13 00:41:11 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-02-08 21:11:38 . 2010-02-08 21:10:14 225280 ----a-w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$Staging\What the...\start.exe
2010-02-06 02:07:45 . 2010-02-06 02:07:45 114688 ----a-w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.0.30.1.dll
2010-02-06 02:07:44 . 2010-02-05 21:41:01 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kodak
2010-02-05 19:58:35 . 2009-01-20 01:41:00 -------- d-----w- C:\Program Files\Picasa2
2010-02-05 16:27:11 . 2009-06-20 00:40:44 -------- d-----w- C:\Program Files\Bonjour
2010-02-02 23:31:18 . 2010-02-02 23:31:18 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\AGI
2010-01-23 00:24:37 . 2010-01-17 23:24:07 -------- d-----w- C:\Program Files\Yahoo! Games
2010-01-22 19:21:57 . 2004-02-21 13:25:42 -------- d-----w- C:\Program Files\Quicken
2010-01-21 18:10:33 . 2008-06-04 20:08:07 -------- d-----w- C:\Program Files\Microsoft Silverlight
2010-01-20 05:08:10 . 2010-01-20 04:05:35 -------- d-----w- C:\Documents and Settings\All Users.WINDOWS\Application Data\SpinTop
2010-01-20 05:06:58 . 2008-03-09 19:21:12 -------- d---a-w- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2010-01-14 03:07:42 . 2004-07-01 07:39:58 76487 ----a-w- C:\WINDOWS\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-31 16:50:03 . 2009-11-02 16:38:04 353792 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2009-12-31 16:24:39 . 2009-11-01 22:31:12 132 ----a-w- C:\WINDOWS\system32\rezumatenoi.dat
2009-12-21 19:14:05 . 2004-08-23 10:32:02 916480 ------w- C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-20 01:14:18 39408]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 13:56:02 2002160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 00:12:16 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 00:40:08 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 00:38:54 688218]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 03:00:00 335872]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2003-07-17 19:50:26 184412]
"Display Settings"="C:\Program Files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 13:26:10 45056]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-02 01:44:50 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-19 00:23:22 868352]
"CARPService"="carpserv.exe" [2003-05-21 20:35:50 4608]
"QT4HPOT"="C:\Program Files\HPQ\One-Touch\OneTouch.EXE" [2003-10-03 19:10:44 106496]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 17:44:34 31072]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-01 15:28:16 30192]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 04:16:38 39792]

C:\Documents and Settings\Matt.MATT-G4MQKRAU19\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 15:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21:42 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXrPhee]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12:28 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\XLink Kai Evo7\\KaiLaunch.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=
"C:\\Program Files\\HPQ\\Notebook Utilities\\HPWirelessCfg.exe"=

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 8:56:04 AM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 8:56:02 AM 74480]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;C:\WINDOWS\system32\drivers\caliaud.sys [10/11/2003 9:29:50 AM 291328]
R3 CALIHALA;CALIHALA;C:\WINDOWS\system32\drivers\calihal.sys [10/11/2003 9:29:50 AM 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\drivers\DP83815.sys [7/16/2003 9:01:02 PM 28280]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 8:56:06 AM 7408]
S2 gupdate1c97aa2610d3cc0;Google Update Service (gupdate1c97aa2610d3cc0);C:\Program Files\Google\Update\GoogleUpdate.exe [1/19/2009 8:56:50 PM 133104]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [1/19/2009 8:36:35 PM 30192]
S3 Z302Mic;Vimicro Z302 Mic Audio Filter Driver;C:\WINDOWS\system32\drivers\UsbMicfilt.sys --> C:\WINDOWS\system32\drivers\UsbMicfilt.sys [?]
S3 ZSMC302;PC CAM 300A;C:\WINDOWS\system32\Drivers\usbvm302.sys --> C:\WINDOWS\system32\Drivers\usbvm302.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-03-20 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-01-20 01:56:50 . 2009-06-01 16:58:34]

2010-03-20 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-01-20 01:56:50 . 2009-06-01 16:58:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.yahoo.com/
mStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = dormproxy:80
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-HijackThis - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 14:27:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????3?3?7?0??@???? ?deB???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-764733703-1060284298-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\WINDOWS\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2548)
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\system32\PortableDeviceTypes.dll
C:\WINDOWS\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\carpserv.exe
.
**************************************************************************
.
Completion time: 2010-03-20 14:33:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-20 19:33:55

Pre-Run: 42,833,326,080 bytes free
Post-Run: 42,759,479,296 bytes free

- - End Of File - - 37290171ED8DC68E42B5AC16592247AE



That's all folks! I don't know what to call my problem that you fixed, or what kind it was (other than "Stupid Woman!") But if I need to do more, please let me know. I am so very grateful you can bet when I get my disability back pay, I will put some on this site. How can I say "thank you" to all the kind and super intelligent people that helped me? So I will say, "THANK YOU VERY MUCH ALL OF YOU THAT HELPED ME!!!!" :) Did you happen to read my whole email last time about where & what am I supposed to do with my setting on the computer & exactly what can I do on my computer without catching a bug of some kind?
:)
  • 0

#9
munkishinz

munkishinz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hi, it's me again! I have downloaded the Avast Free copy of the Antivirus to my desktop. I let it install (?) and then I clicked "run" and I got this message---

Avast!Free Antivirus


Setup Selfextract
An error 82 (00000052) has occured.
Last performed operation was:
extracting main exe

How awful is this or what? Am I holding my mouth wrong or something? :) :) :) :)
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Delete the program you downloaded and download it again. It may have gotten garbled on the way.

Ron
  • 0



#11
munkishinz

munkishinz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
I'm beginning to bother myself and think I will take a hammer to the computer and we will both be out of our misery. :) I have deleted and downloaded the stupid AntiVirus three times! It still gives me the error message

Setup Selfextract
An error 82 (00000052) has occured.
Last performed operation was:
extracting main exe

I believe that my computer is still....still messed up somehow. :) :) :) I went to the Avast site and registered and got a confirmation. I then went to the support center and it told me to go to the safe mode of the computer and go find the file c:\setupeng.exe and install it from there and then back out. What an insane thing to do. If I cannot access it from a normal desktop mode, what good is it? Do you have any other suggestions of other secure antivirus free downloads that won't break my piggy bank??? I'm apologizing again for being a nag and a pain, I have a remote access....can't we do that or get on the phone and someone talk me through it? Gee Louiz, Ever since I got Net Zero it has been a struggle just to look at maps of the US on the computer. Please help!
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The advice is good. Reboot and when you see the PC Maker's Logo or hear a beep, start tapping the F8 key slowly. Keep tapping until you get to the Safe Mode menu. Then choose the top option (Safe Mode) and hit Enter. Log in as your usual login or you will have problems finding the setupeng.exe which is usually on your desktop and not C:\.

You can send me an invitation to do Remote Assistance if you know how. I will send you my email in a PM. Another possibility which I prefer is to get a free logmein account and send me the username and password. https://secure.logme.../products/free/

Ron
  • 0

#13
munkishinz

munkishinz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Hey....I went to LogMeIn and got signed up for free account. I downloaded the stuff for it to be able to use, tried to install it and it wouldn't install because it said my temp folder was full. It gave me 2 choices, 1 was to get their techs to help and write up a ticket or look for previous problems at their site. The other was for me to clean my file folder and go to the place that will let the software install. WHAT A PAIN! I am tired and think I might just never use this computer again. It makes me frustrated, sad and extremely distressed because I feel stupid that I can't make it work.
:)
  • 0

#14
munkishinz

munkishinz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
RKinner - In my computer Internet Settings I found this information

About Remote Assistance

Sometimes the best way to fix a problem is to have someone show you how. Remote Assistance is a convenient way for a friend in another location to connect to your computer from another computer running a compatible operating system, such as Microsoft Windows XP, and walk you through your solution.


After your friend is connected, he or she will be able to view your computer screen and chat online with you in real time about what you both see. With your permission, your friend can even use his or her mouse and keyboard to work with you on your computer. :) :)

Notes

Both you and your assistant must be using either Windows Messenger or a MAPI-compliant e-mail account such as Microsoft Outlook or Outlook Express.
You and your assistant need to be connected to the Internet while using Remote Assistance.
If Windows Firewall is turned on, Remote Assistance will temporarily open firewall ports.
If you are working on a corporate or local area network, firewalls might stop you from using Remote Assistance. In this case, check with your network administrator before using Remote Assistance.
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Start, Run, cmd, OK

This will bring up a black screen with a prompt. Type (with an Enter after each line)

set >> junk.txt

(set SPACE >> SPACE junk.txt)

notepad junk.txt

(notepad SPACE junk.txt)

(Notepad will open. Copy the text by highlighting (or Ctrl + a) and copy (Ctrl + c) then move to a reply and paste it in with Ctrl + v. Send the reply then Close notepad.)

exit
(window closes)

Ron
  • 0





