$_3472452.exe

B

Baro2

New member
Hello, I'm new here. I have a problem with ($_3472452.exe). Internet Explorer keeps crashing. I hope you'll help me. I'm sending the log report after scanning.

SpyHolesList Version:1.7
11.03.2007 10:41:44
WinDir=C:\WINNT
Startup=C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Common Startup=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Windows 2000 Service Pack 3 (5.0.2195)
Internet Explorer 6 (Windows XP) 6.0.2600.0000
[In memory]
[Running Processes] C:\WINNT\SYSTEM32\SMSS.EXE
[Running Processes] C:\WINNT\SYSTEM32\WINLOGON.EXE
[Running Processes] C:\WINNT\SYSTEM32\SERVICES.EXE
[Running Processes] C:\WINNT\SYSTEM32\LSASS.EXE
[Running Processes] C:\WINNT\SYSTEM32\SVCHOST.EXE
[Running Processes] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
[Running Processes] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
[Running Processes] C:\WINNT\SYSTEM32\SPOOLSV.EXE
[Running Processes] C:\WINNT\SYSTEM32\MSDTC.EXE
[Running Processes] C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
[Running Processes] C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
[Running Processes] C:\WINNT\SYSTEM32\SVCHOST.EXE
[Running Processes] C:\WINNT\SYSTEM32\SVCHOST.EXE
[Running Processes] C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
[Running Processes] C:\WINNT\SYSTEM32\LLSSRV.EXE
[Running Processes] C:\PROGRA~1\MICROS~4\MSSQL\BINN\SQLSERVR.EXE
[Running Processes] C:\WINNT\SYSTEM32\REGSVC.EXE
[Running Processes] C:\WINNT\SYSTEM32\MSTASK.EXE
[Running Processes] C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
[Running Processes] C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
[Running Processes] C:\WINNT\EXPLORER.EXE
[Running Processes] C:\WINNT\SYSTEM32\WBEM\WINMGMT.EXE
[Running Processes] C:\WINNT\SYSTEM32\SVCHOST.EXE
[Running Processes] C:\WINNT\SYSTEM32\DFSSVC.EXE
[Running Processes] C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
[Running Processes] C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE
[Running Processes] C:\PROGRA~1\MICROS~4\MSSQL\BINN\SQLAGENT.EXE
[Running Processes] C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\DRVLSNR.EXE
[Running Processes] C:\WINNT\SYSTEM32\CARPSERV.EXE
[Running Processes] C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
[Running Processes] C:\PROGRA~1\SYMANT~1\VPTRAY.EXE
[Running Processes] C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
[Running Processes] C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE
[Running Processes] C:\WINNT\SYSTEM32\SVCHOST.EXE
[Running Processes] C:\SUPERBAST\QENDRA\IMPEX.EXE
[Running Processes] C:\PROGRA~1\MI1933~1\OFFICE\MSACCESS.EXE
[Running Processes] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
[Running Processes] C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.922\REANIMATOR.EXE
[Running Processes] C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACRORD32.EXE
[Running Processes] C:\WINNT\TEMP\$_3472452.EXE
 
hi Baro2,

HJT is much more useful than SpyHolesList.
your are behind on a service pack for windows 2000.

you can get hjt like this:
* Downloads:
* Please make sure you have the latest version. HJT 1.99.1
* http://www.downloads.subratam.org/hijackthis.zip
* If you are unfamiliar with zip programs get HijackThis.exe here:
* http://www.merijn.org/files/HijackThis.exe

* First put hijackthis into a permanent folder.
* Do this first - go to C: and create a new permanent folder.
Example C:\AntiSpyWare or C:\hijackthis
* This is necessary to ensure you have backups should anything go wrong.
* Then put (or download - choose "save" not "run") the hijackthis.exe file in this folder.
If you downloaded a zipped HJT file unzip it to the permanent folder so you have C:\hijackthis\hijackthis.exe.
* Example of the wrong way:
C:\DOCUME~1\Name\LOCALS~1\Temp\Temporary Directory for hijackthis.zip\HijackThis.exe
* Running hjt from the wrong folder may delay assistance as your helper will have to ask for a new log.

If in doubt use this link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.

* Double click HijackThis.exe.
* Hit None Of The Above, just start the program.
* Hit Scan.
* When the scan is finished, the "Scan" button will change into a "Save Log" button.
* Click that, save the log somewhere, and copy/paste in next reply
a) The HJT log

shelf life
 
Help needed

I am also posting the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 11:41:38 , on 11/03/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINNT\System32\llssrv.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINNT\System32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\temp\$_3472452.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MI1933~1\Office\MSACCESS.EXE
C:\Superbast\QENDRA\impex.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
E:\downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.100:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6D4B36B-D242-4639-B58D-8D35EEF387FC}: NameServer = 85.255.113.106,85.255.112.167
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.106 85.255.112.167
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Give me a piece of advice...
 
hi Baro2,

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt).
and a new hjt log.

shelf life
 
:scratch:

Due to lack of a response to helper this topic has been archived. If you need it re-opened please send me a private message (pm) and provide a link to the thread.

Applies only to the original poster, anyone else with similar problems please start a new topic.
 
You must log in or register to reply here.
Back
Top