
Computer is very slow - infected with ssms.exe

Old 12-02-2008, 12:08 PM   #1
Registered Member
 
Join Date: Dec 2008
Posts: 1
OS: Windows XP



I opened up task manager and saw that SSMS.exe was using around 50% of my CPU. I searched on the web for this and saw that it was listed as dangerous. I killed the SSMS.exe process via task manager and deleted it from my C:\Windows\Prefetch directory. However, I've noticed other suspicious items in my task manager. For example, service.exe, csrs.exe, lsass.exe, etc. I run Norton 360 and did a quick scan, but it detected no problems. I'm not sure about the extent of my issues and will appreciate any help that can be given in this regard!

Below is the DDS.txt from my scan. I will attach Gmer.txt and Attach.txt to the post as well.

DDS (Version 1.0) - NTFSx86
Run by Ben at 13:54:10.21 on Tue 12/02/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1058 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ben\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?rls=ig
uSearch Page = hxxp://www.google.com/hws/sb/dell/en/side.html
uSearch Bar = hxxp://www.google.com/hws/sb/dell/en/side.html
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
BHO: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
TB: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [RollerCoasterTycoon2.exe] K:\ROLLER~1.EXE /r
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
mRun: [UIUCU] c:\docume~1\ben\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [PMX Daemon] ICO.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paloal~1.lnk - c:\program files\common files\palo alto software\9.0\PAS9_Update.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\dell wireless\PRISMCFG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: {26135F09-79A9-4F3B-9AC3-30C42519E66B} = 204.60.203.179 206.141.193.55
Notify: PRISMAPI.DLL - PRISMAPI.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\adobe\photoshop elements 6.0\PhotoshopElementsFileAgent.exe [2007-9-11 124832]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\common files\symantec shared\ccSvcHst.exe" /h ccCommon [2008-2-18 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.EXE [2008-11-13 61529]
R2 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" [2006-1-23 1245064]
R3 Angel;Angel MPEG Device;c:\windows\system32\drivers\Angel.sys [2006-1-23 376320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-11-6 99376]
R3 HPFXBULK;HPFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2005-9-20 9344]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081202.004\NAVENG.SYS [2008-12-2 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081202.004\NAVEX15.SYS [2008-12-2 876112]
S2 MsDtsServer;SQL Server Integration Services;"c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe" [2007-3-3 206192]
S2 ReportServer$SQLEXPRESS8;SQL Server Reporting Services (SQLEXPRESS8);"c:\program files\microsoft sql server\msrs10.sqlexpress8\reporting services\reportserver\bin\ReportingServicesService.exe" [2008-7-10 1106968]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys [2006-2-14 189792]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\microsoft sql server\100\shared\SQLADHLP.EXE" [2008-7-10 47128]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80 [2006-12-2 2805000]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE" -i SQLEXPRESS [2008-7-10 369688]

=============== Created Last 30 ================

2008-12-02 13:16 250 a------- c:\windows\gmer.ini
2008-12-02 12:42 <DIR> --d----- c:\program files\Trend Micro
2008-11-28 23:28 <DIR> --d----- c:\program files\common files\Nova Development
2008-11-28 23:27 <DIR> --d----- c:\program files\Ideasoft
2008-11-21 12:34 <DIR> --d----- c:\program files\iPod
2008-11-21 12:33 <DIR> --d----- c:\program files\iTunes
2008-11-18 13:17 <DIR> --d----- c:\program files\Microsoft ASP.NET
2008-11-13 13:59 <DIR> --d----- c:\windows\system32\AGEIA
2008-11-13 13:57 397,312 a------- c:\windows\system32\drivers\ETNADiag.exe
2008-11-13 13:56 180,224 a------- c:\windows\system32\NVUNINST.EXE
2008-11-13 13:49 <DIR> --d----- c:\program files\ATI Technologies
2008-11-13 13:08 1,080 a------- c:\windows\system32\settingsbkup.sfm
2008-11-13 13:08 1,080 a------- c:\windows\system32\settings.sfm
2008-11-13 12:55 876,544 a------- c:\windows\system32\TEACico2.dll
2008-11-13 12:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Prism
2008-11-13 12:55 450,649 a----r-- c:\windows\system32\PRISMAPI.dll
2008-11-13 12:55 385,113 a----r-- c:\windows\system32\PRISMSVR.exe
2008-11-13 12:55 61,529 a----r-- c:\windows\system32\PRISMSVC.exe
2008-11-13 12:55 49,152 a----r-- c:\windows\system32\StopSrvr.exe
2008-11-13 12:55 <DIR> --d----- c:\program files\Dell Wireless
2008-11-13 12:54 1,396,827 a----r-- c:\windows\system32\PRISME5.dll
2008-11-13 12:54 20,747 a----r-- c:\windows\system32\drivers\AegisP.sys
2008-11-13 12:51 126,976 a------- c:\windows\system32\Imsmudlg.exe
2008-11-13 12:51 <DIR> --d----- c:\windows\system32\ENU
2008-11-13 12:49 64,980 a------- c:\windows\system32\DVCState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2008-11-13 12:49 55,172 a------- c:\windows\system32\BMXStateBkp-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2008-11-13 12:49 55,172 a------- c:\windows\system32\BMXState-{00000005-00000000-00000004-00001102-00000005-10031102}.rfx
2008-11-13 12:47 5 a------- c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
2008-11-13 12:47 5 a------- c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
2008-11-13 12:43 <DIR> --d----- c:\program files\SigmaTel
2008-11-13 12:40 <DIR> --d----- c:\program files\Modem Helper
2008-11-13 12:08 <DIR> --d----- c:\program files\Digital Line Detect
2008-11-13 12:07 24,576 a----r-- c:\windows\system32\cpl_moh.cpl
2008-11-13 12:07 <DIR> --d----- c:\program files\Modem On Hold
2008-11-12 10:31 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 10:30 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 09:37 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-11 11:05 <DIR> --d----- c:\windows\pss
2008-11-06 20:49 <DIR> --d----- c:\program files\NCH Software
2008-11-06 20:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NCH Swift Sound
2008-11-06 20:46 <DIR> --d----- c:\program files\NCH Swift Sound
2008-11-06 20:46 <DIR> --d----- c:\docume~1\ben\applic~1\NCH Swift Sound
2008-11-06 17:40 <DIR> --d----- c:\program files\Bonjour
2008-11-06 15:09 50,200 a------- c:\windows\system32\perf-ReportServer$SQLEXPRESS8-rsctr.dll
2008-11-06 14:48 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2008-11-06 14:46 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2008-11-06 13:22 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2008-11-06 13:22 10,671 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-06 13:22 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-06 13:22 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-11-06 13:21 <DIR> --d----- c:\program files\Symantec
2008-11-06 13:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2008-11-05 12:28 50,200 a------- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-11-05 12:28 79,896 a------- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-11-05 12:27 <DIR> --d----- c:\windows\system32\RsFx
2008-11-05 11:18 <DIR> --d----- c:\program files\Microsoft Visual Studio 9.0
2008-11-05 11:15 <DIR> --d----- c:\program files\Microsoft Web Designer Tools
2008-11-05 11:14 <DIR> --d----- c:\program files\Microsoft SDKs
2008-11-05 11:11 <DIR> --d----- c:\windows\system32\XPSViewer
2008-11-05 11:09 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2008-11-05 11:09 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-05 11:09 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-05 11:09 575,488 -------- c:\windows\system32\xpsshhdr.dll
2008-11-05 11:09 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-05 11:09 117,760 -------- c:\windows\system32\prntvpt.dll
2008-11-05 11:09 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-05 11:09 <DIR> --d----- c:\windows\SxsCaPendDel
2008-11-04 10:30 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2008-11-04 10:30 57,344 a------- c:\windows\system32\QuickTime.qts

==================== Find3M ====================

2008-12-02 12:48 <DIR> --d----- c:\program files\common files\Symantec Shared
2008-11-21 12:01 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-11-13 12:53 <DIR> --d----- c:\program files\Dell
2008-11-06 17:17 <DIR> --d----- c:\program files\Norton 360
2008-11-06 15:03 <DIR> --d----- c:\program files\Microsoft Analysis Services
2008-11-06 14:47 <DIR> --d----- c:\program files\Microsoft SQL Server
2008-11-06 13:35 <DIR> --d----- c:\docume~1\ben\applic~1\Symantec
2008-11-05 09:40 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2008-11-04 06:20 <DIR> --d----- c:\program files\HP
2008-11-01 13:45 <DIR> --d----- c:\docume~1\ben\applic~1\Move Networks
2008-10-22 08:38 <DIR> --d----- c:\program files\ED Consulting
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 10:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-06 18:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-03 11:41 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-20 20:40 <DIR> --d----- c:\docume~1\ben\applic~1\SPORE
2008-09-20 20:39 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-09-15 06:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-15 06:12 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2008-09-09 19:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-09 19:14 1,307,648 -------- c:\windows\system32\dllcache\msxml6.dll
2008-09-08 04:41 333,824 -------- c:\windows\system32\dllcache\srv.sys
2008-09-04 11:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-06-27 14:32 <DIR> --d----- c:\docume~1\ben\applic~1\Download Manager
2008-06-17 13:06 <DIR> --d----- c:\docume~1\ben\applic~1\bang
2007-02-28 07:36 <DIR> --d----- c:\docume~1\ben\applic~1\Viewpoint
2007-02-28 07:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2006-11-26 10:36 <DIR> --d----- c:\docume~1\ben\applic~1\Palo Alto Software
2006-11-26 10:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Palo Alto Software
2006-11-26 10:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PAS
2006-11-26 10:17 <DIR> --d----- c:\docume~1\ben\applic~1\Palo Alto Software Inc
2006-11-26 10:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Palo Alto Software Inc
2006-11-22 07:50 <DIR> --d----- c:\docume~1\ben\applic~1\yoclient
2006-10-29 14:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Creative
2006-08-13 13:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\espionServerData
2006-07-11 21:16 <DIR> --d----- c:\docume~1\ben\applic~1\Snapfish
2006-05-09 19:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Disney Imagineering
2006-02-26 23:04 <DIR> --d----- c:\docume~1\ben\applic~1\Corel Photo Album
2006-02-11 13:02 <DIR> --d----- c:\docume~1\ben\applic~1\Intuit
2006-02-11 13:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2007-09-13 15:15 104 ---shr-- c:\windows\system32\1C3C3C3E1E.sys
2008-08-23 10:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 13:54:36.19 ===============

Thanks in advance for your help!
Attached Files
File Type: txt Gmer.txt (11.4 KB, 3 views)
File Type: txt Attach.txt (21.3 KB, 0 views)

__________________
Skyward101 is offline  
Old 12-13-2008, 10:57 PM   #2
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Hello Skyward101,

If you still require assistance, please run a new scan with dds and post a fresh dds.txt and we'll get started.

__________________
Member of UNITE since 2006

Microsoft MVP - 2010, 2011, 2012, 2013, 2014

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 01-02-2009, 10:37 PM   #3
Administrator
Management Team, Security Center & TSF Academy
Expert Analyst, Moderator, Security Team
Rangemaster, Moderator, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Jan 2005
Location: Ohio
Posts: 42,338
OS: WinXP Home, Vista, Windows 7 64bit



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html
Ried is offline  
 

All times are GMT -7. The time now is 01:16 AM.


Copyright 2001 - 2014, Tech Support Forum
