Results 1 to 5 of 5

Thread: $_3472452.exe

  1. #1
    Junior Member
    Join Date
    Mar 2007
    Posts
    2

    Default $_3472452.exe

    Hello, I'm new here. I have a problem with ($_3472452.exe). Internet Explorer keeps crashing. I hope you'll help me. I'm sending the log report after scanning.

    SpyHolesList Version:1.7
    11.03.2007 10:41:44
    WinDir=C:\WINNT
    Startup=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    Common Startup=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Windows 2000 Service Pack 3 (5.0.2195)
    Internet Explorer 6 (Windows XP) 6.0.2600.0000
    [In memory]
    [Running Processes] C:\WINNT\SYSTEM32\SMSS.EXE
    [Running Processes] C:\WINNT\SYSTEM32\WINLOGON.EXE
    [Running Processes] C:\WINNT\SYSTEM32\SERVICES.EXE
    [Running Processes] C:\WINNT\SYSTEM32\LSASS.EXE
    [Running Processes] C:\WINNT\SYSTEM32\SVCHOST.EXE
    [Running Processes] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
    [Running Processes] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
    [Running Processes] C:\WINNT\SYSTEM32\SPOOLSV.EXE
    [Running Processes] C:\WINNT\SYSTEM32\MSDTC.EXE
    [Running Processes] C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
    [Running Processes] C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
    [Running Processes] C:\WINNT\SYSTEM32\SVCHOST.EXE
    [Running Processes] C:\WINNT\SYSTEM32\SVCHOST.EXE
    [Running Processes] C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
    [Running Processes] C:\WINNT\SYSTEM32\LLSSRV.EXE
    [Running Processes] C:\PROGRA~1\MICROS~4\MSSQL\BINN\SQLSERVR.EXE
    [Running Processes] C:\WINNT\SYSTEM32\REGSVC.EXE
    [Running Processes] C:\WINNT\SYSTEM32\MSTASK.EXE
    [Running Processes] C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
    [Running Processes] C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
    [Running Processes] C:\WINNT\EXPLORER.EXE
    [Running Processes] C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE
    [Running Processes] C:\WINNT\SYSTEM32\SVCHOST.EXE
    [Running Processes] C:\WINNT\SYSTEM32\DFSSVC.EXE
    [Running Processes] C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
    [Running Processes] C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE
    [Running Processes] C:\PROGRA~1\MICROS~4\MSSQL\BINN\SQLAGENT.EXE
    [Running Processes] C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\DRVLSNR.EXE
    [Running Processes] C:\WINNT\SYSTEM32\CARPSERV.EXE
    [Running Processes] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
    [Running Processes] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
    [Running Processes] C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
    [Running Processes] C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE
    [Running Processes] C:\WINNT\SYSTEM32\SVCHOST.EXE
    [Running Processes] C:\SUPERBAST\QENDRA\IMPEX.EXE
    [Running Processes] C:\PROGRA~1\MI1933~1\OFFICE\MSACCESS.EXE
    [Running Processes] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    [Running Processes] C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.922\REANIMATOR.EXE
    [Running Processes] C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACRORD32.EXE
    [Running Processes] C:\WINNT\TEMP\$_3472452.EXE

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    hi Baro2,

    HJT is much more useful than SpyHolesList.
    your are behind on a service pack for windows 2000.

    you can get hjt like this:
    * Downloads:
    * Please make sure you have the latest version. HJT 1.99.1
    * http://www.downloads.subratam.org/hijackthis.zip
    * If you are unfamiliar with zip programs get HijackThis.exe here:
    * http://www.merijn.org/files/HijackThis.exe

    * First put hijackthis into a permanent folder.
    * Do this first - go to C: and create a new permanent folder.
    Example C:\AntiSpyWare or C:\hijackthis
    * This is necessary to ensure you have backups should anything go wrong.
    * Then put (or download - choose "save" not "run") the hijackthis.exe file in this folder.
    If you downloaded a zipped HJT file unzip it to the permanent folder so you have C:\hijackthis\hijackthis.exe.
    * Example of the wrong way:
    C:\DOCUME~1\Name\LOCALS~1\Temp\Temporary Directory for hijackthis.zip\HijackThis.exe
    * Running hjt from the wrong folder may delay assistance as your helper will have to ask for a new log.

    If in doubt use this link to get HijackThis.
    Save it to your desktop and then double-click to run it.
    It will install the program in c:\program files\HijackThis.

    * Double click HijackThis.exe.
    * Hit None Of The Above, just start the program.
    * Hit Scan.
    * When the scan is finished, the "Scan" button will change into a "Save Log" button.
    * Click that, save the log somewhere, and copy/paste in next reply
    a) The HJT log

    shelf life
    How Can I Reduce My Risk?

  3. #3
    Junior Member
    Join Date
    Mar 2007
    Posts
    2

    Default Help needed

    I am also posting the hijack this log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:41:38 , on 11/03/2007
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\msdtc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\WINNT\System32\llssrv.exe
    C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Dfssvc.exe
    C:\WINNT\System32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
    C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe
    C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    C:\WINNT\System32\carpserv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\temp\$_3472452.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\MI1933~1\Office\MSACCESS.EXE
    C:\Superbast\QENDRA\impex.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    E:\downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100:3128
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
    O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6D4B36B-D242-4639-B58D-8D35EEF387FC}: NameServer = 85.255.113.106,85.255.112.167
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    Give me a piece of advice...

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,067

    Default

    hi Baro2,

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file...Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Once the desktop loads please post the text that will open (report.txt).
    and a new hjt log.

    shelf life
    How Can I Reduce My Risk?

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,457

    Default



    Due to lack of a response to helper this topic has been archived. If you need it re-opened please send me a private message (pm) and provide a link to the thread.

    Applies only to the original poster, anyone else with similar problems please start a new topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •