Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Explorer.exe crash (0xc0000142) Error On startup [Solved]


  • This topic is locked This topic is locked

#1
f0xy

f0xy

    Member

  • Member
  • PipPip
  • 72 posts
Hello there!

I have had problems with spyware/viri for the first time of using a computer!! (W32.Virut.cf).

Here is a copy of my Hijackthis report. I would like help on this matter if possible.

I have used, symantec antivirus, superantispyware, ad aware and registry first aid.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:29, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\twex.exe,
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1234971124525
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00FE899-7F4E-421F-B517-57D4F758B99A}: NameServer = 212.73.32.3 212.73.32.67
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 6002 bytes


If anything else catches ur eye in this log, please help me to sort it! :)

Many Thanks,

Ryan
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Looking at your system now, one or more of the identified infections is a backdoor Trojan.

If this computer is ever used for on-line banking, I suggest you do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.




Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.

  • 0

#3
f0xy

f0xy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
SDFix: Version 1.240
Run by Administrator on 21/02/2009 at 20:54

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 20:59:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\WINDOWS\\system32\\services.exe"="C:\\WINDOWS\\system32\\services.exe:*:enabled:@shell32.dll,-1"
"\\??\\C:\\WINDOWS\\system32\\winlogon.exe"="\\??\\C:\\WINDOWS\\system32\\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files :



Files with Hidden Attributes :

Wed 18 Feb 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!
  • 0

#4
f0xy

f0xy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
This is an upto date HJT Scan report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:09, on 21/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1234971124525
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00FE899-7F4E-421F-B517-57D4F758B99A}: NameServer = 212.73.32.3 212.73.32.67
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 5954 bytes
  • 0

#5
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
  • 0

#6
f0xy

f0xy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
ComboFix 09-02-19.01 - Administrator 2009-02-21 22:53:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2037 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\ntdetect.PIF
c:\windows\system32\ctfmon.exe.tmp
c:\windows\system32\d3d8caps.dat
c:\windows\system32\twain32
c:\windows\system32\twain32\local.ds
c:\windows\system32\twain32\user.ds

----- BITS: Possible infected sites -----

hxxp://speedytorrents.net
.
((((((((((((((((((((((((( Files Created from 2009-01-21 to 2009-02-21 )))))))))))))))))))))))))))))))
.

2009-02-21 21:12 . 2009-02-21 21:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-21 21:12 . 2009-02-21 21:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-21 21:12 . 2009-02-21 21:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-02-21 21:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-21 21:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-21 20:53 . 2009-02-21 20:53 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-21 20:52 . 2009-02-21 20:52 <DIR> d-------- c:\windows\ERUNT
2009-02-21 20:49 . 2009-02-21 21:02 <DIR> d-------- C:\SDFix
2009-02-21 20:20 . 2009-02-21 20:21 <DIR> d-------- c:\windows\system32\Adobe
2009-02-21 19:59 . 2009-02-21 19:59 <DIR> d--h----- c:\windows\PIF
2009-02-21 17:53 . 2009-02-21 17:53 <DIR> d-------- c:\program files\Lavalys
2009-02-21 17:11 . 2009-02-21 17:11 <DIR> d-------- c:\program files\RFA
2009-02-21 17:11 . 2009-02-21 17:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\RFA_Backups
2009-02-21 16:19 . 2009-02-21 16:23 163,712 --a------ c:\windows\system32\drivers\vidstub.sys
2009-02-20 21:22 . 2009-02-20 21:22 0 --a------ c:\windows\nsreg.dat
2009-02-19 17:44 . 2009-02-19 17:44 <DIR> d-------- c:\program files\Lavasoft RegHance
2009-02-19 17:35 . 2009-02-19 17:35 <DIR> d-------- c:\program files\Lavasoft
2009-02-19 17:35 . 2009-02-19 17:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Lavasoft
2009-02-19 17:34 . 2009-02-19 17:34 <DIR> d-------- c:\program files\Bit Che
2009-02-19 17:34 . 2009-02-19 17:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Convivea
2009-02-19 17:05 . 2009-02-19 17:05 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-02-19 17:05 . 2009-02-19 17:05 1,152 --a------ c:\windows\system32\windrv.sys
2009-02-19 16:27 . 2009-02-19 16:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\MSN6
2009-02-19 16:27 . 2009-02-19 16:28 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MSN6
2009-02-19 16:03 . 2009-02-19 16:04 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-02-19 16:03 . 2009-02-19 16:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-19 16:03 . 2009-02-19 16:03 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-02-19 14:15 . 2009-02-19 15:30 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-19 13:55 . 2009-02-19 13:55 <DIR> d-------- c:\program files\Trend Micro
2009-02-19 13:44 . 2009-02-19 13:44 <DIR> d-------- c:\documents and settings\Administrator\.housecall6.6
2009-02-19 13:43 . 2009-02-19 13:43 <DIR> d-------- c:\windows\Sun
2009-02-19 08:59 . 2009-02-19 08:59 0 --a------ c:\windows\vpc32.INI
2009-02-19 02:21 . 2009-02-19 02:21 <DIR> d-------- c:\program files\CCleaner
2009-02-19 00:56 . 2009-02-19 00:56 1,033,728 --a------ c:\windows\explorer.exe
2009-02-19 00:48 . 2009-02-21 16:19 <DIR> d-------- c:\program files\Stardock
2009-02-19 00:48 . 2009-02-19 00:48 <DIR> d-------- c:\program files\Common Files\Stardock
2009-02-19 00:37 . 2009-02-19 00:37 <DIR> d-------- c:\program files\uTorrent
2009-02-19 00:36 . 2009-02-21 18:16 <DIR> d-------- c:\documents and settings\Administrator\Application Data\uTorrent
2009-02-19 00:36 . 2004-03-09 00:00 1,081,616 --a------ c:\windows\system32\mscomctl.OCX
2009-02-19 00:36 . 2004-03-09 00:00 152,848 --a------ c:\windows\system32\comdlg32.OCX
2009-02-19 00:36 . 2004-03-09 00:00 124,688 --a------ c:\windows\system32\mswinsck.ocx
2009-02-19 00:15 . 2009-02-19 00:15 <DIR> d-------- c:\program files\Google
2009-02-18 23:45 . 2008-04-14 00:12 218,624 --a------ c:\windows\system32\uxtheme.uxtender
2009-02-18 23:39 . 2009-02-21 22:49 <DIR> d-------- c:\program files\Symantec AntiVirus
2009-02-18 23:39 . 2009-02-18 23:39 <DIR> d-------- c:\program files\Symantec
2009-02-18 23:39 . 2009-02-18 23:40 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-02-18 23:39 . 2009-02-18 23:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-02-18 23:39 . 2009-02-18 23:39 110,952 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-18 23:39 . 2009-02-18 23:39 48,768 --a------ c:\windows\system32\S32EVNT1.DLL
2009-02-18 23:39 . 2009-02-18 23:39 8,014 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-18 23:39 . 2009-02-18 23:39 805 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-02-18 23:33 . 2009-02-18 23:33 <DIR> d-------- c:\program files\PowerISO
2009-02-18 23:31 . 2008-12-20 23:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-18 23:31 . 2007-04-17 09:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-18 23:31 . 2007-03-08 05:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-18 23:31 . 2008-12-20 23:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-18 23:31 . 2008-12-20 23:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-18 23:31 . 2008-12-20 23:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-18 23:31 . 2008-12-20 23:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-18 23:31 . 2008-12-20 23:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-18 23:31 . 2009-02-19 04:50 13,824 --a--c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-18 23:25 . 2004-08-14 02:56 5,810 --a------ c:\windows\system32\drivers\ASACPI.sys
2009-02-18 23:22 . 2009-02-18 23:22 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-02-18 23:22 . 2008-04-14 00:12 221,184 --a------ c:\windows\system32\wmpns.dll
2009-02-18 23:21 . 2009-02-19 02:25 <DIR> d-------- c:\windows\system32\LogFiles
2009-02-18 23:21 . 2009-02-18 23:21 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-02-18 23:19 . 2008-12-11 10:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-02-18 23:15 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-02-18 23:14 . 2008-08-14 10:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-18 23:14 . 2008-08-14 10:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-18 23:14 . 2008-08-14 09:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-18 23:14 . 2008-08-14 09:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-18 23:14 . 2008-09-15 12:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2009-02-18 23:14 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-02-18 23:14 . 2008-10-15 16:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-02-18 23:13 . 2008-05-01 14:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-02-18 23:12 . 2008-04-11 19:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-02-18 23:12 . 2008-06-13 11:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-02-18 23:12 . 2008-05-08 14:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-02-18 22:58 . 2009-02-18 22:58 <DIR> d-------- c:\program files\Java
2009-02-18 22:58 . 2009-02-18 22:58 <DIR> d-------- c:\program files\Common Files\Java
2009-02-18 22:58 . 2004-02-22 23:44 61,555 --a------ c:\windows\system32\jpicpl32.cpl
2009-02-18 22:57 . 2009-02-18 22:57 <DIR> d-------- c:\program files\Realtek Sound Manager
2009-02-18 22:57 . 2009-02-18 22:57 <DIR> d-------- c:\program files\AvRack
2009-02-18 22:57 . 2001-07-06 00:19 164 --a------ c:\windows\avrack.ini
2009-02-18 22:56 . 2009-02-18 22:57 <DIR> d-------- c:\program files\Realtek AC97
2009-02-18 22:56 . 2005-06-21 10:09 18,751,488 --a------ c:\windows\system32\ALSNDMGR.CPL
2009-02-18 22:56 . 2009-02-19 05:46 9,412,096 --a------ c:\windows\system32\RTLCPL.EXE
2009-02-18 22:56 . 2005-06-20 22:08 2,324,480 --a------ c:\windows\system32\drivers\ALCXWDM.SYS
2009-02-18 22:56 . 2009-02-19 03:04 294,912 --a------ c:\windows\alcupd.exe
2009-02-18 22:56 . 2009-02-19 03:04 200,704 --a------ c:\windows\alcrmv.exe
2009-02-18 22:56 . 2004-09-07 14:23 156,672 --a------ c:\windows\system32\RTLCPAPI.dll
2009-02-18 22:56 . 2002-02-05 13:54 141,016 --a------ c:\windows\system32\ALSNDMGR.WAV
2009-02-18 22:56 . 2009-02-19 04:37 77,824 --a------ c:\windows\SOUNDMAN.EXE
2009-02-18 22:56 . 2009-02-19 04:39 44,384 --a------ c:\windows\system32\ChCfg.exe
2009-02-18 22:53 . 2009-02-19 05:22 446,464 --a------ c:\windows\system32\nvunrm.exe
2009-02-18 22:53 . 2008-07-29 13:30 6,045 --a------ c:\windows\system32\nvnrm.nvu
2009-02-18 22:53 . 2008-07-08 01:45 4,984 --a------ c:\windows\system32\drivers\nvphy.bin
2009-02-18 22:46 . 2005-12-01 11:01 524,288 --a------ c:\windows\A8NSD016.BIN
2009-02-18 22:45 . 2009-02-18 22:46 453,395 --a------ c:\windows\A8NSD016.zip
2009-02-18 22:40 . 2009-02-19 09:52 <DIR> d--h----- c:\program files\InstallShield Installation Information
2009-02-18 22:32 . 2008-05-03 05:46 182,347 --a------ c:\windows\system32\nvapps.nvb
2009-02-18 17:48 . 2009-02-18 22:51 <DIR> d-------- c:\windows\nview
2009-02-18 17:48 . 2009-02-18 22:49 <DIR> d-------- c:\windows\nvidia icons
2009-02-18 17:48 . 2009-02-19 05:21 442,368 --a------ c:\windows\system32\nvudisp.exe
2009-02-18 17:48 . 2009-02-21 21:18 177,348 --a------ c:\windows\system32\nvapps.xml
2009-02-18 17:48 . 2008-05-03 05:46 18,070 --a------ c:\windows\system32\nvdisp.nvu
2009-02-18 17:47 . 2009-02-19 09:52 <DIR> d-------- c:\program files\Common Files\InstallShield
2009-02-18 17:45 . 2008-07-10 04:07 7,143 --a------ c:\windows\system32\nvide.nvu
2009-02-18 17:44 . 2009-02-18 17:47 <DIR> d-------- C:\NVIDIA
2009-02-18 17:44 . 2008-08-27 13:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-02-18 17:33 . 2009-02-18 17:33 664 --a------ c:\windows\system32\d3d9caps.dat
2009-02-18 17:21 . 2009-02-18 17:21 <DIR> d-------- c:\windows\system32\scripting
2009-02-18 17:21 . 2009-02-18 17:21 <DIR> d-------- c:\windows\system32\en
2009-02-18 17:21 . 2009-02-18 17:21 <DIR> d-------- c:\windows\l2schemas
2009-02-18 17:12 . 2006-10-18 21:47 542,720 -----c--- c:\windows\system32\dllcache\blackbox.dll
2009-02-18 16:39 . 2009-02-18 16:39 <DIR> d-------- c:\windows\provisioning
2009-02-18 16:39 . 2009-02-18 17:21 <DIR> d-------- c:\windows\peernet
2009-02-18 16:39 . 2009-02-18 17:26 316,640 --a------ c:\windows\WMSysPr9.prx
2009-02-18 16:38 . 2009-02-18 16:38 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-18 16:36 . 2009-02-18 17:16 <DIR> d-------- c:\windows\EHome
2009-02-18 16:34 . 2002-04-15 21:11 67,866 --------- c:\windows\system32\drivers\netwlan5.img
2009-02-18 16:34 . 2009-02-19 11:30 11,264 --a------ c:\windows\system32\spnpinst.exe
2009-02-18 16:34 . 2004-08-02 14:20 7,208 --------- c:\windows\system32\secupd.sig
2009-02-18 16:34 . 2004-08-02 14:20 4,569 --------- c:\windows\system32\secupd.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 16:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-19 13:11 64,000 ----a-w c:\windows\system32\cleanmgr.exe
2009-02-19 12:34 10,752 ----a-w c:\windows\hh.exe
2009-02-19 12:21 99,840 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\helphost.exe
2009-02-19 12:21 69,120 ----a-w c:\windows\notepad.exe
2009-02-19 12:20 744,448 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2009-02-19 12:20 35,328 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\notiflag.exe
2009-02-19 12:20 18,432 ----a-w c:\windows\PCHealth\HelpCtr\Binaries\hscupd.exe
2009-02-19 12:20 150,528 ----a-w c:\windows\PCHealth\UploadLB\Binaries\uploadm.exe
2009-02-19 12:19 146,432 ----a-w c:\windows\regedit.exe
2009-02-19 12:19 14,336 ----a-w c:\windows\system32\ssstars.scr
2009-02-19 12:18 9,216 ----a-w c:\windows\system32\subst.exe
2009-02-19 12:18 679,936 ----a-w c:\windows\system32\sstext3d.scr
2009-02-19 12:18 51,200 ----a-w c:\windows\system32\syncapp.exe
2009-02-19 12:18 14,848 ----a-w c:\windows\system32\stimon.exe
2009-02-19 12:17 71,680 ----a-w c:\windows\system32\systeminfo.exe
2009-02-19 12:17 36,864 ----a-w c:\windows\system32\syskey.exe
2009-02-19 12:17 106,496 ----a-w c:\windows\system32\sysocmgr.exe
2009-02-19 12:16 77,824 ----a-w c:\windows\system32\tasklist.exe
2009-02-19 12:16 76,288 ----a-w c:\windows\system32\taskkill.exe
2009-02-19 12:16 3,072 ----a-w c:\windows\system32\systray.exe
2009-02-19 12:16 12,288 ----a-w c:\windows\system32\tcmsetup.exe
2009-02-19 12:15 75,776 ----a-w c:\windows\system32\telnet.exe
2009-02-19 12:15 19,456 ----a-w c:\windows\system32\tcpsvcs.exe
2009-02-19 12:15 16,896 ----a-w c:\windows\system32\tftp.exe
2009-02-19 12:14 78,336 ----a-w c:\windows\system32\tlntsess.exe
2009-02-19 12:14 73,216 ----a-w c:\windows\system32\tlntsvr.exe
2009-02-19 12:14 61,440 ----a-w c:\windows\system32\tlntadmn.exe
2009-02-19 12:13 347,136 ----a-w c:\windows\system32\tourstart.exe
2009-02-19 12:13 31,744 ----a-w c:\windows\system32\tracert6.exe
2009-02-19 12:13 259,584 ----a-w c:\windows\system32\tracerpt.exe
2009-02-19 12:13 12,288 ----a-w c:\windows\system32\tracert.exe
2009-02-19 12:12 16,896 ----a-w c:\windows\system32\tsshutdn.exe
2009-02-19 12:12 14,848 ----a-w c:\windows\system32\tsdiscon.exe
2009-02-19 12:12 14,848 ----a-w c:\windows\system32\tscon.exe
2009-02-19 12:12 135,680 ----a-w c:\windows\system32\taskmgr.exe
2009-02-19 11:47 283,648 ----a-w c:\windows\winhlp32.exe
2009-02-19 11:46 30,720 ----a-w c:\windows\system32\xcopy.exe
2009-02-19 11:46 26,112 ----a-w c:\windows\twunk_32.exe
2009-02-19 11:46 15,360 ----a-w c:\windows\taskman.exe
2009-02-19 11:45 32,256 ----a-w c:\windows\system32\wupdmgr.exe
2009-02-19 11:45 165,888 ----a-w c:\windows\system32\wuauclt1.exe
2009-02-19 11:45 155,648 ----a-w c:\windows\system32\wscript.exe
2009-02-19 11:45 13,824 ----a-w c:\windows\system32\wscntfy.exe
2009-02-19 11:44 5,632 ----a-w c:\windows\system32\write.exe
2009-02-19 11:44 32,256 ----a-w c:\windows\system32\wpabaln.exe
2009-02-19 11:44 11,264 ----a-w c:\windows\system32\wpnpinst.exe
2009-02-19 11:43 8,192 ----a-w c:\windows\system32\winhlp32.exe
2009-02-19 11:43 5,632 ----a-w c:\windows\system32\winver.exe
2009-02-19 11:43 119,808 ----a-w c:\windows\system32\winmine.exe
2009-02-19 11:43 11,776 ----a-w c:\windows\system32\winmsd.exe
2009-02-19 11:42 65,024 ----a-w c:\windows\system32\wextract.exe
2009-02-19 11:42 433,664 ----a-w c:\windows\system32\wiaacmgr.exe
2009-02-19 11:40 49,664 ----a-w c:\windows\system32\w32tm.exe
2009-02-19 11:39 98,304 ----a-w c:\windows\system32\verifier.exe
2009-02-19 11:39 33,792 ----a-w c:\windows\system32\vssadmin.exe
2009-02-19 11:39 28,672 ----a-w c:\windows\system32\verclsid.exe
2009-02-19 11:38 77,824 ----a-w c:\windows\system32\usrmlnka.exe
2009-02-19 11:38 69,632 ----a-w c:\windows\system32\usrshuta.exe
2009-02-19 11:38 61,440 ----a-w c:\windows\system32\usrprbda.exe
2009-02-19 11:38 50,176 ----a-w c:\windows\system32\utilman.exe
2009-02-19 11:37 16,896 ----a-w c:\windows\system32\upnpcont.exe
2009-02-19 11:36 4,096 ----a-w c:\windows\system32\unlodctr.exe
2009-02-19 11:36 16,384 ----a-w c:\windows\system32\tskill.exe
2009-02-19 11:33 610,304 ----a-w c:\windows\system32\sspipes.scr
2009-02-19 11:33 47,104 ----a-w c:\windows\system32\ssmypics.scr
2009-02-19 11:33 20,992 ----a-w c:\windows\system32\ssmarque.scr
2009-02-19 11:33 18,944 ----a-w c:\windows\system32\ssmyst.scr
2009-02-19 11:32 393,216 ----a-w c:\windows\system32\ssflwbox.scr
2009-02-19 11:31 19,968 ----a-w c:\windows\system32\ssbezier.scr
2009-02-19 11:30 704,512 ----a-w c:\windows\system32\ss3dfo.scr
2009-02-19 11:30 12,800 ----a-w c:\windows\system32\spiisupd.exe
2009-02-19 11:29 56,832 ----a-w c:\windows\system32\sol.exe
2009-02-19 11:29 538,624 ----a-w c:\windows\system32\spider.exe
2009-02-19 11:29 24,576 ----a-w c:\windows\system32\sort.exe
2009-02-19 11:28 8,192 ----a-w c:\windows\system32\smbinst.exe
2009-02-19 11:28 73,728 ----a-w c:\windows\system32\slserv.exe
2009-02-19 11:28 138,752 ----a-w c:\windows\system32\sndvol32.exe
2009-02-19 11:28 131,584 ----a-w c:\windows\system32\sndrec32.exe
2009-02-19 11:27 70,144 ----a-w c:\windows\system32\sigverif.exe
2009-02-19 11:27 26,112 ----a-w c:\windows\system32\skeys.exe
2009-02-19 11:27 19,456 ----a-w c:\windows\system32\shutdown.exe
2009-02-19 11:26 9,728 ----a-w c:\windows\system32\sfc.exe
2009-02-19 11:26 77,824 ----a-w c:\windows\system32\shrpubw.exe
2009-02-19 11:26 32,768 ----a-w c:\windows\system32\setupn.exe
2009-02-19 11:26 14,848 ----a-w c:\windows\system32\shadow.exe
2009-02-19 11:25 31,232 ----a-w c:\windows\system32\sethc.exe
2009-02-19 11:25 23,040 ----a-w c:\windows\system32\setup.exe
2009-02-19 11:25 18,944 ----a-w c:\windows\system32\secedit.exe
2009-02-19 11:24 9,216 ----a-w c:\windows\system32\scrnsave.scr
2009-02-19 11:24 77,312 ----a-w c:\windows\system32\sdbinst.exe
2009-02-19 11:24 31,232 ----a-w c:\windows\system32\sc.exe
2009-02-19 11:24 121,856 ----a-w c:\windows\system32\schtasks.exe
2009-02-19 11:23 15,872 ----a-w c:\windows\system32\rwinsta.exe
2009-02-19 11:23 14,336 ----a-w c:\windows\system32\runonce.exe
2009-02-19 11:23 13,312 ----a-w c:\windows\system32\savedump.exe
2009-02-19 11:22 77,312 ----a-w c:\windows\system32\rtcshare.exe
2009-02-19 11:22 62,976 ----a-w c:\windows\system32\rsopprov.exe
2009-02-19 11:22 16,384 ----a-w c:\windows\system32\runas.exe
2009-02-19 11:22 107,520 ----a-w c:\windows\system32\rsnotify.exe
.

------- Sigcheck -------

2009-02-19 00:56 1033728 d1951b5f27bb42a500778133f4294a6c c:\windows\explorer.exe
2009-02-19 02:44 1032192 8b93053b25ce84cf9ee00b3dc12f8290 c:\windows\$NtServicePackUninstall$\explorer.exe
2009-02-19 03:17 1033728 d1951b5f27bb42a500778133f4294a6c c:\windows\ServicePackFiles\i386\explorer.exe
2009-02-19 03:45 1032192 8b93053b25ce84cf9ee00b3dc12f8290 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\explorer.exe
2009-02-19 04:15 1033728 d1951b5f27bb42a500778133f4294a6c c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
2009-02-19 04:48 1033728 d1951b5f27bb42a500778133f4294a6c c:\windows\system32\dllcache\explorer.exe

2009-02-19 02:41 15360 08c32a7077014158ba50884d6042067a c:\windows\$NtServicePackUninstall$\ctfmon.exe
2009-02-19 03:15 15360 83737cd06681d80ee6dead3e73eb8ad5 c:\windows\ServicePackFiles\i386\ctfmon.exe
2009-02-19 03:43 15360 08c32a7077014158ba50884d6042067a c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ctfmon.exe
2009-02-19 04:12 15360 83737cd06681d80ee6dead3e73eb8ad5 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ctfmon.exe
2009-02-19 12:11 15360 83737cd06681d80ee6dead3e73eb8ad5 c:\windows\system32\ctfmon.exe
2009-02-19 04:46 15360 83737cd06681d80ee6dead3e73eb8ad5 c:\windows\system32\dllcache\ctfmon.exe

2009-02-19 02:58 57856 919edc7ff33070ab1ff1ad0d80e9f5dd c:\windows\$NtServicePackUninstall$\spoolsv.exe
2009-02-19 03:34 57856 6b9f964ad2940f717695c8995337e40e c:\windows\ServicePackFiles\i386\spoolsv.exe
2009-02-19 04:01 57856 919edc7ff33070ab1ff1ad0d80e9f5dd c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\spoolsv.exe
2009-02-19 04:31 57856 6b9f964ad2940f717695c8995337e40e c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\spoolsv.exe
2009-02-19 12:11 57856 6b9f964ad2940f717695c8995337e40e c:\windows\system32\spoolsv.exe
2009-02-19 05:02 57856 6b9f964ad2940f717695c8995337e40e c:\windows\system32\dllcache\spoolsv.exe

2009-02-19 03:02 24576 7e8799bc3b82727b443adebd40e928c2 c:\windows\$NtServicePackUninstall$\userinit.exe
2009-02-19 03:37 26112 efe682c9771628f85bb0f49054bd40c2 c:\windows\ServicePackFiles\i386\userinit.exe
2009-02-19 04:04 24576 7e8799bc3b82727b443adebd40e928c2 c:\windows\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\userinit.exe
2009-02-19 04:34 26112 efe682c9771628f85bb0f49054bd40c2 c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\userinit.exe
2009-02-19 12:11 26112 efe682c9771628f85bb0f49054bd40c2 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-19 1470464]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2009-02-19 171448]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-02-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
"rfagent"="c:\program files\RFA\rfagent.exe" [2007-12-04 916800]
"nwiz"="nwiz.exe" [2009-02-19 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"PreXPSP2ShellProtocolBehavior"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2007-04-19 12:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2009-02-19 12:11 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2009-02-19 01:00 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2009-02-19 01:11 233472 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-19 01:08 32768 c:\program files\Java\j2re1.4.2_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2009-02-19 00:15 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2009-02-19 04:37 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-02-01 8944]
R1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-01 51440]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-18 99376]
R3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S1 76b1e290;76b1e290;c:\windows\system32\drivers\76b1e290.sys --> c:\windows\system32\drivers\76b1e290.sys [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2007-10-07 116664]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\VMC_PBStarter.exe
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
mLocal Page = c:\windows\PCHealth\HelpCtr\System\panels\blank.htm
TCP: {F00FE899-7F4E-421F-B517-57D4F758B99A} = 212.73.32.3 212.73.32.67
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tiw6q3rr.default\
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 22:54:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-02-21 22:55:22
ComboFix-quarantined-files.txt 2009-02-21 22:54:59

Pre-Run: 150,339,125,248 bytes free
Post-Run: 150,377,140,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

372










P.S Explorer.exe runs on system startup.
  • 0

#7
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#8
f0xy

f0xy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Iv done the 1st 2 options I will run the Kaspersky now!

Many Thanks
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
ok, post the logs remember
  • 0

#10
f0xy

f0xy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, February 22, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, February 22, 2009 19:38:06
Records in database: 1831354
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 45652
Threat name: 4
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 01:31:33


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03100004.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03100005.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03100018.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03100019.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05500000.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05A40000\4DBD92E9.VBN Infected: Packed.Win32.Tdss.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05A40001\4DBD9334.VBN Infected: Packed.Win32.Tdss.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800000.VBN Infected: Backdoor.Win32.KeyStart.bc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800001.VBN Infected: Backdoor.Win32.KeyStart.bc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800006.VBN Infected: Backdoor.Win32.Frauder.ara 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800007.VBN Infected: Backdoor.Win32.Frauder.ara 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800047.VBN Infected: Virus.Win32.Virut.ce 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E800048.VBN Infected: Virus.Win32.Virut.ce 1

The selected area was scanned.
  • 0

Advertisements


#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
post the mbam log and a new HJT Log
  • 0

#12
f0xy

f0xy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30:39, on 23/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1234971124525
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.co...iaSmartScan.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00FE899-7F4E-421F-B517-57D4F758B99A}: NameServer = 212.73.32.3 212.73.32.67
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 6369 bytes
  • 0

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
post the malware bytes log
  • 0

#14
f0xy

f0xy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
It's just running a full scan now pal...sorry this whole help thing is takin soo long..girlfriend mithers me when i've been on too long :)
  • 0

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
we will be done after i see that
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP