
Need Help! Errors and malfunction

Discussion in 'Virus & Other Malware Removal' started by Lykez, Mar 12, 2012.

Thread Status:
Not open for further replies.
  1. Lykez

    Lykez Thread Starter

    Joined:
    Mar 12, 2012
    Messages:
    3
    So last night I was starting my computer and it gave me a blue screen at Windows startup. The PC rebooted and started to run a hard drive check (I think it removed some files), and then when it reached Windows it gave me "erro ao carregar (error in loading) c:\windows\migca6.dll". Also, I couldn't start Mozilla Firefox (using IE to do this post), MSN, Guitar Pro 6, and some other programs. When I try to run any of those programs it gives me a 0xc0000103 error. I don't know if I'm infected with any malicious content, but my question is whether it would be easier to format the PC instead of trying to solve all these problems...
    P.S.: It's strange, but I can't activate or do any Windows automatic updates...


    -------------------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:46:56, on 12-03-2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programas\SUPERAntiSpyware\SASCORE.EXE
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Programas\Real\RealPlayer\update\realsched.exe
    C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
    C:\Programas\VIA\RAID\raid_tool.exe
    C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\bruno\Definições locais\Application Data\Google\Update\GoogleUpdate.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Documents and Settings\bruno\Ambiente de trabalho\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PlusService] C:\Programas\Yuna Software\Messenger Plus!\PlusService.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Programas\Ficheiros comuns\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [RaidTool] C:\Programas\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [nwiz] C:\Programas\NVIDIA Corporation\nView\nwiz.exe /installquiet
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bruno\Definições locais\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Cwibesugune] rundll32.exe "C:\WINDOWS\migca6.dll",Startup
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Serviço de rede')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programas\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programas\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    --
    End of file - 7521 bytes

    ---------------------------------------------------------------------------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by bruno at 13:51:07 on 2012-03-12
    Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.2047.1421 [GMT 0:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Programas\SUPERAntiSpyware\SASCORE.EXE
    C:\Programas\Java\jre6\bin\jqs.exe
    C:\Programas\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programas\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Programas\Real\RealPlayer\update\realsched.exe
    C:\Programas\Ficheiros comuns\Java\Java Update\jusched.exe
    C:\Programas\VIA\RAID\raid_tool.exe
    C:\Programas\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\bruno\Definições locais\Application Data\Google\Update\GoogleUpdate.exe
    C:\Programas\Messenger\msmsgs.exe
    C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Internet Explorer\iexplore.exe
    C:\Programas\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.pt/
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programas\ficheiros comuns\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Programa Auxiliar de Início de Sessão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programas\ficheiros comuns\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programas\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\programas\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\documents and settings\bruno\definições locais\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Cwibesugune] rundll32.exe "c:\windows\migca6.dll",Startup
    uRun: [MSMSGS] "c:\programas\messenger\msmsgs.exe" /background
    uRun: [SUPERAntiSpyware] c:\programas\superantispyware\SUPERAntiSpyware.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [PlusService] c:\programas\yuna software\messenger plus!\PlusService.exe
    mRun: [Adobe ARM] "c:\programas\ficheiros comuns\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\programas\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\programas\ficheiros comuns\java\java update\jusched.exe"
    mRun: [RaidTool] c:\programas\via\raid\raid_tool.exe
    mRun: [nwiz] c:\programas\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [Malwarebytes' Anti-Malware] "c:\programas\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\programas\pokerstars\PokerStarsUpdate.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programas\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\programas\windows live\writer\WriterBrowserExtension.dll
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{CD0EFA59-76E8-453E-938D-7D23C2DE12A6} : DhcpNameServer = 192.168.1.254 192.168.1.254
    Notify: !SASWinLogon - c:\programas\superantispyware\SASWINLO.DLL
    Notify: TPSvc - TPSvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\programas\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\bruno\application data\mozilla\firefox\profiles\bxlkhbzh.default\
    FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\bruno\definições locais\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\programas\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\programas\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\programas\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\programas\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\programas\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\programas\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;c:\programas\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\programas\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\programas\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-2-2 54760]
    R2 Htsysm;Htsysm;c:\windows\system32\HtsysmNT.sys [2011-2-14 2304]
    R2 MBAMService;MBAMService;c:\programas\malwarebytes' anti-malware\mbamservice.exe [2012-3-12 652360]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-3-12 20464]
    S1 MpKsl0ca7585f;MpKsl0ca7585f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{20633019-5eaf-410d-a3f6-f64c84d84330}\mpksl0ca7585f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{20633019-5eaf-410d-a3f6-f64c84d84330}\MpKsl0ca7585f.sys [?]
    S1 MpKsl1c9bcf01;MpKsl1c9bcf01;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{63a97adb-a365-473f-853e-c8862d21ba59}\mpksl1c9bcf01.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{63a97adb-a365-473f-853e-c8862d21ba59}\MpKsl1c9bcf01.sys [?]
    S1 MpKsl231d9261;MpKsl231d9261;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0444caa-67f8-4877-8115-6132bff67017}\mpksl231d9261.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c0444caa-67f8-4877-8115-6132bff67017}\MpKsl231d9261.sys [?]
    S1 MpKsl3397d278;MpKsl3397d278;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9282e72-66f2-4c56-93d7-a9abb172495c}\mpksl3397d278.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b9282e72-66f2-4c56-93d7-a9abb172495c}\MpKsl3397d278.sys [?]
    S1 MpKsl4d23f54e;MpKsl4d23f54e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{566f392d-badf-4887-862d-c5061be10009}\mpksl4d23f54e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{566f392d-badf-4887-862d-c5061be10009}\MpKsl4d23f54e.sys [?]
    S1 MpKsl5915f47e;MpKsl5915f47e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{63a97adb-a365-473f-853e-c8862d21ba59}\mpksl5915f47e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{63a97adb-a365-473f-853e-c8862d21ba59}\MpKsl5915f47e.sys [?]
    S1 MpKsl873c356d;MpKsl873c356d;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24333d26-3a5e-4300-beda-c76af679a8ea}\mpksl873c356d.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{24333d26-3a5e-4300-beda-c76af679a8ea}\MpKsl873c356d.sys [?]
    S1 MpKsla1e9a633;MpKsla1e9a633;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa33a5d4-7b77-4518-a7d1-19b4ff850570}\mpksla1e9a633.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fa33a5d4-7b77-4518-a7d1-19b4ff850570}\MpKsla1e9a633.sys [?]
    S1 MpKslaa94e055;MpKslaa94e055;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e8b1b43e-72d7-4b6e-b9c9-cfd8b669408e}\mpkslaa94e055.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e8b1b43e-72d7-4b6e-b9c9-cfd8b669408e}\MpKslaa94e055.sys [?]
    S1 MpKsld537ec8b;MpKsld537ec8b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ccbdc9c9-6776-46d7-95a2-9dcfaceeb74b}\mpksld537ec8b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ccbdc9c9-6776-46d7-95a2-9dcfaceeb74b}\MpKsld537ec8b.sys [?]
    S1 MpKsldbe6bf8b;MpKsldbe6bf8b;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d60fa6c-7bc0-4500-b5d5-6ba710533dda}\mpksldbe6bf8b.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2d60fa6c-7bc0-4500-b5d5-6ba710533dda}\MpKsldbe6bf8b.sys [?]
    S3 APR;APR;\??\c:\programas\gamersfirst\knight online\.sysapr --> c:\programas\gamersfirst\knight online\.sysAPR [?]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 fsssvc;Serviço Segurança Familiar do Windows Live;c:\programas\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 xfimod;Sound Blaster XMod;c:\windows\system32\drivers\xfimod.sys --> c:\windows\system32\drivers\xfimod.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-03-12 13:01:32 -------- d-----w- c:\documents and settings\bruno\application data\Malwarebytes
    2012-03-12 13:01:27 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-12 13:01:27 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
    2012-03-12 12:56:52 -------- d-----w- c:\documents and settings\bruno\application data\SUPERAntiSpyware.com
    2012-03-12 12:56:20 -------- d-----w- c:\programas\SUPERAntiSpyware
    2012-03-12 12:56:20 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
    2012-03-12 04:41:52 -------- d-----w- c:\programas\Microsoft Windows 7 Upgrade Advisor
    2012-03-12 04:24:37 -------- d-----w- c:\programas\CCleaner
    2012-03-12 04:09:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-03-12 04:09:37 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-03-12 04:09:29 -------- d-----w- c:\programas\ESET
    2012-03-12 03:58:36 -------- d-----w- c:\programas\Pando Networks
    2012-03-12 03:58:34 -------- d-----w- c:\programas\ficheiros comuns\Blizzard Entertainment
    2012-03-12 03:58:18 -------- d-----w- c:\programas\Ventrilo
    2012-03-12 03:58:17 -------- d-----w- c:\programas\ficheiros comuns\Wise Installation Wizard
    2012-03-12 03:58:14 -------- d-----w- c:\programas\ficheiros comuns\Apple
    2012-03-12 03:57:15 -------- d-----w- c:\programas\Audacity
    2012-03-12 03:57:12 -------- d-----w- c:\programas\REAPER
    2012-03-12 03:57:12 -------- d-----w- c:\programas\Magic Workstation
    2012-03-12 03:56:59 -------- d-----w- c:\programas\SystemRequirementsLab
    2012-03-12 03:56:59 -------- d-----w- c:\programas\Steinberg
    2012-03-12 03:56:59 -------- d-----w- c:\programas\Outsim
    2012-03-12 03:56:59 -------- d-----w- c:\programas\Mattel Interactive
    2012-03-12 01:43:39 -------- d-sh--w- C:\found.000
    2012-03-08 01:19:11 -------- d-----w- c:\documents and settings\bruno\application data\PhotoScape
    2012-03-08 01:18:03 -------- d-----w- c:\programas\PhotoScape
    2012-03-07 03:35:20 -------- d-----w- c:\documents and settings\bruno\application data\Dropbox
    2012-03-05 13:48:27 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-03-05 13:41:39 -------- d-----w- c:\windows\system32\drivers\AVG
    .
    ==================== Find3M ====================
    .
    2012-03-12 02:39:47 253056 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2012-03-12 02:39:47 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2012-03-05 02:56:13 253056 ----a-w- c:\windows\system32\nvdrsdb1.bin
    .
    ============= FINISH: 13:51:46,10 ===============

    -----------------------------------------------------

    I downloaded GMER.exe, followed the instructions and tried to do a scan, but it gave a blue screen error twice.
     
  2. Lykez

    Lykez Thread Starter

    Joined:
    Mar 12, 2012
    Messages:
    3
    bump
     
  3. Lykez

    Lykez Thread Starter

    Joined:
    Mar 12, 2012
    Messages:
    3
    bump
     

Short URL to this thread: https://techguy.org/1044893
