
Can't access Microsoft websites, boot problems W32Ramnit?

Discussion in 'Virus & Other Malware Removal' started by CompressedDust, Nov 16, 2011.

Thread Status:
Not open for further replies.
  1. CompressedDust

    CompressedDust Thread Starter

    Joined:
    Nov 16, 2011
    Messages:
    4
    The computer I'm using is having a lot of problems right now. About a week ago we let Avira update itself to its new version, not long after this trouble began. I noticed the Avira icon wasn't appearing in the system tray on the bottom right but I wasn't sure whether it was on or off. Not long after this I discovered I was unable to access the Avira site - I assumed it was just down. I tried to use a system restore point hoping it might get around Avira (I thought the new version might be causing problems, the new version did too though not this badly) but this just made things worse. Clicking any icon on the desktop just caused it to lock up - the cursor turned to an hourglass and just froze. I tried to boot in safe mode but it wouldn't let me.

    Without being able to boot up even in safe mode I decided to try the recovery partition. This got the computer functional again but I still can't access Microsoft websites or the Avira website. After doing some research I realised that blocking Microsoft and antivirus websites is a calling card of certain viruses.

    Avast, which I'd downloaded the free version of to temporarily replace Avira, found a lot of results for W32.Ramnit but quickly filled its chest even after I enlarged it to two gig. I think I may have let it delete something I shouldn't have as well, as I keep getting messages titled

    "Unload"

    "The Feature you are trying to use is on a network resource that is not available"

    "Click ok to try again or enter an alternate path to a folder containing the installation package Unload.msi in the box below"

    "Use source: c:\hp\tmp\src\setup\Unloadintent\"

    It doesn't seem to be stopping anything working but still I'd rather get it fixed.


    It found lots of entries for W32:Ramnit and a few other things which I told Avast to send to the virus chest.

    I read a couple of earlier posts on the forum about issues like this but I thought it would be best to show you my own HijackThis scan rather than try to follow the steps suggested for someone else's computer.

    Let me know if you need any more information.

    The only good thing about this is that we have all important personal data on this computer backed up so we can't lose anything.

    Any help you can give would be greatly appreciated.


    System Specs:

    HP Pavilion
    Windows XP Service Home edition 2002 version service pack 2 (service pack 3 before I used the recovery partition).
    AMD Athlon 64 Processor 3200+
    1.99 GHz, 960 MB of RAM
    ATI Radeon Xpress 200 series

    This is a HijackThis scan I performed just now


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:33:12, on 16/11/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\HP_Owner.YOUR-C94F920E24\Desktop\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\Documents and Settings\HP_Owner.YOUR-C94F920E24\Local Settings\Application Data\crtnhqku\kulauqtl.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [KulAuqtl] C:\Documents and Settings\HP_Owner.YOUR-C94F920E24\Local Settings\Application Data\crtnhqku\kulauqtl.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - Global Startup: Belkin Wireless Networking Utility.lnk = C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Belkin Wifi Service - Unknown owner - C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 8680 bytes
     
  2. CompressedDust

    CompressedDust Thread Starter

    Joined:
    Nov 16, 2011
    Messages:
    4
    I just thought I'd bump this post up. Stupidly I didn't see the must-read topic so I didn't include the DDS log or the GMER scan in the original post.

    The past couple of days have made me strongly suspect I did let Avast delete something it shouldn't have, though I'm not sure exactly what, but I'm still getting the unload messages mentioned in the previous post.

    Anyway I understand you're always busy so I'm happy to wait.

    Again any help would be greatly appreciated.

    This is the DDS log
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180
    Run by HP_Owner at 22:59:36 on 2011-11-17
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.958.391 [GMT 0:00]
    .
    AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Security 2006 *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Belkin\F5D8053\v6\WifiSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\CyberLink\PowerCinema\PCMService.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    C:\Program Files\Belkin\F5D8053\v6\Belkinwcui.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\documents and settings\hp_owner.your-c94f920e24\local settings\application data\crtnhqku\kulauqtl.exe
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [KulAuqtl] c:\documents and settings\hp_owner.your-c94f920e24\local settings\application data\crtnhqku\kulauqtl.exe
    mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
    mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
    mRun: [PCDrProfiler]
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
    mRun: [SSC_UserPrompt] "c:\program files\common files\symantec shared\security center\UsrPrmpt.exe"
    mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
    mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\program files\belkin\f5d8053\v6\Belkinwcui.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{01C79DFE-6A25-48C0-B0C4-B8881E914877} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    TCP: Interfaces\{6AB53489-2A57-438C-A2DF-F2566F906F3A} : DhcpNameServer = 192.168.1.254
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\hp_owner.your-c94f920e24\application data\mozilla\firefox\profiles\n56b3qt1.default\
    FF - prefs.js: network.proxy.type - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-14 442200]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-14 320856]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-14 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-12 44768]
    R2 Belkin Wifi Service;Belkin Wifi Service;c:\program files\belkin\f5d8053\v6\WifiSvc.exe [2010-1-6 274432]
    R2 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-8-27 53896]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 584832]
    S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-9-17 192112]
    S2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2005-9-17 202352]
    S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-9-17 169584]
    S2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2005-10-7 133744]
    S3 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\docume~1\hp_own~1.you\locals~1\temp\rjmkunpx.sys --> c:\docume~1\hp_own~1.you\locals~1\temp\rjmkunpx.sys [?]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20060104.006\NAVENG.Sys [2006-10-30 77864]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20060104.006\NavEx15.Sys [2006-10-30 750952]
    S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-8-27 334984]
    S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-8-27 198368]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-10-30 1119888]
    .
    =============== Created Last 30 ================
    .
    2011-11-14 20:10:32 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-14 04:48:04 -------- d-sh--r- c:\windows\system32\dllcache
    2011-11-14 00:32:15 -------- d-----w- c:\windows\system32\LogFiles
    2011-11-13 23:42:01 -------- d-s---w- c:\documents and settings\hp_owner.your-c94f920e24\UserData
    2011-11-13 23:02:21 -------- d-----w- c:\documents and settings\hp_owner.your-c94f920e24\application data\HPQ
    2011-11-13 22:59:32 -------- d-sh--r- C:\cmdcons
    2011-11-13 22:56:44 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2011-11-13 22:56:44 -------- d-----w- c:\documents and settings\hp_owner.your-c94f920e24\local settings\application data\crtnhqku
    2011-11-13 22:30:50 -------- d-----w- c:\documents and settings\hp_owner.your-c94f920e24\local settings\application data\Adobe
    2011-11-13 22:23:05 221184 ----a-w- c:\windows\system32\wmpns.dll
    2011-11-12 23:55:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-12 23:55:20 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2011-11-12 23:55:19 -------- d-----w- c:\program files\AVAST Software
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 23:06:38.62 ===============
     


Short URL to this thread: https://techguy.org/1027149
