[Beetrix]

After I received help removing all of my Malware and viruses, I found a fold that says it is a text document. It has very long numbers and letter.
8e802587a54a788fe38. Any help would be appreciated.

[Advertisements]

Let's have a closer look...

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

[greyknight17]

Let's have a closer look...

1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.

[Beetrix]

The links are not working properly. Can you send me another one.

[greyknight17]

It should be working....I'm attaching it here. Try downloading the attachment.

Attached Files

•  ComboFix.zip   1.66MB   116 downloads

[Beetrix]

I am getting an Error message saying:You cannot rename ComboFix as ComboFix [1]. Please rename it.

[greyknight17]

Did this prompt you when you try to run it? Did you get to the part where it asks you whether you agree to the warning/risk or not?

[Beetrix]

No, it doesn't even ask me that question. My computer won't let me run it at all.

[greyknight17]

Is it saved to the desktop? Also, make sure it's completely downloaded. I think it's around 1.6MB in size.

Restart the computer. Disconnect from the internet and disable all your security programs. Then try running it again.

[Beetrix]

Got it! Here is the log.

ComboFix 08-04-22.5 - HP_Owner 2008-04-23 9:55:08.1 - NTFSx86
Running from: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 1 for ComboFix.zip\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-21 06:06 . 2008-04-21 06:06 <DIR> d-------- C:\Program Files\Sygate
2008-04-21 06:06 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-04-21 06:06 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-04-21 06:06 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-04-21 06:06 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-04-21 06:06 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-04-21 06:06 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-04-21 06:06 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-04-21 06:05 . 2008-04-21 06:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 18:12 . 2008-04-20 18:17 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-20 18:12 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-19 15:47 . 2008-04-19 15:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-17 15:44 . 2008-04-20 17:37 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-17 15:44 . 2008-04-20 17:37 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-04-17 15:44 . 2008-04-17 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-17 14:57 . 2008-04-17 14:57 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes
2008-04-17 14:57 . 2008-04-17 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-15 13:39 . 2008-04-14 19:18 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-15 07:42 . 2008-04-15 07:57 73,352,020 --a------ C:\SYM_REGISTRY_BACKUP.reg
2008-04-15 07:42 . 2008-04-15 07:42 73,342,722 --a------ C:\SYM_REGISTRY_BACKUP.old
2008-04-15 07:27 . 2008-04-15 14:51 <DIR> d-------- C:\Program Files\ACW
2008-04-10 12:44 . 2008-04-10 12:44 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-04-10 12:43 . 2008-04-10 12:44 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-10 12:43 . 2008-04-10 12:44 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-10 12:43 . 2008-04-10 12:44 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-10 12:43 . 2008-04-10 12:44 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-10 09:47 . 2008-04-10 09:47 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-10 06:10 . 2008-04-17 14:55 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-10 06:10 . 2008-04-10 06:10 1,152 --a------ C:\WINDOWS\system32\windrv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-23 16:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-04-23 14:51 2,098 ----a-w C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2008-04-23 12:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-22 19:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-21 00:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-21 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-17 22:54 --------- d---a-w C:\Program Files\PC-Doctor for Windows
2008-04-17 22:54 --------- d-----w C:\Program Files\IntelliMover Data Transfer Demo
2008-04-14 23:33 --------- d-----w C:\Program Files\Yahoo!
2008-04-11 18:23 --------- d-----w C:\Program Files\RegistrySmart
2008-04-10 20:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-10 19:47 --------- d-----w C:\Program Files\Norton AntiVirus
2008-04-10 19:44 --------- d-----w C:\Program Files\Symantec
2008-04-10 19:33 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-04-10 03:17 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\PictureTrail
2008-04-04 01:18 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2008-03-30 12:34 --------- d-----w C:\Program Files\Google
2008-03-21 18:22 --------- d-----w C:\Program Files\Java
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-07 04:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 04:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 04:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-06 20:43 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-02-06 20:43 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-02-01 10:21 245,408 ----a-w C:\WINDOWS\system32\unicows.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-10 12:45 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpySweeper"="" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2006-07-07 11:28 1110016]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="C:\Program Files\Internet Explorer\iexplore.exe" [2008-02-29 01:55 625664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2004-10-22 12:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" [ ]
"DXDllRegExe"="dxdllreg.exe" []
"AutoTBar"="c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [ ]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2008-02-06 22:49 718704]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\SYMNET~1\SNDWarn.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-08 12:11:03 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 14:33:32 16423]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-04-09 13:54:54 54776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IBM WebSphere Studio Homepage Builder V6\\bin\\hpbpage.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S2 Blink Service;Blink Service;"C:\Program Files\Blink\blink.exe" "C:\Program Files\Blink\blink.dll" Service []
S3 BW2NDIS5;BW2NDIS5;C:\WINDOWS\system32\Drivers\BW2NDIS5.sys []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-04-22 03:30:54 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - HP_Owner.job"
- C:\Program Files\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 10:00:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-04-23 10:03:20
ComboFix-quarantined-files.txt 2008-04-23 17:02:56

Pre-Run: 142,844,559,360 bytes free
Post-Run: 143,351,111,680 bytes free

155 --- E O F --- 2008-04-09 15:17:43

[greyknight17]

What was the problem earlier that was giving you issues on running it?

I can't find that suspicious file/folder, but whatever it is, you may delete it. It's either a Microsoft update or some other non-important file/folder.

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run and copy/paste in combofix /u and hit OK to remove it. You should be set to go.

[Beetrix]

Oh, I forgot to save it on my desktop!
OK I will delete it. Thank you for you help.

[greyknight17]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.