
svchost.exe starting numerous services and more


  • This topic is locked
6 replies to this topic

#1 idagon

idagon

  • Members
  • 4 posts
  • Local time:01:29 AM

Posted 05 April 2009 - 12:42 PM

Help!

I got a virus and BitDefender and Malwarebytes cannot detect it or remove it.

It repeatedly starts outlook.exe and many services according to Process Explorer.


Here's the HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:28 AM, on 4/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Documents and Settings\normal usage\Desktop\security tools\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] "C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Desktop Calendar] C:\Program Files\Desktop Calendar\Desktop Calendar.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{35E6FEE2-0DD8-429C-8E4E-82F23551B6C3}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE27E47E-53F6-407C-B566-931D028B6C06}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 6824 bytes

Edited by idagon, 05 April 2009 - 12:54 PM.




#2 idagon

idagon
  • Topic Starter

  • Members
  • 4 posts
  • Local time:01:29 AM

Posted 05 April 2009 - 04:25 PM

I found that a svchost was tied to a Java 5 file. I updated to Java 6 and deleted Java 5. Now I don't get the annoying Outlook popups. I'm not sure if anything else is going on, though.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:05:29 AM

Posted 15 April 2009 - 01:41 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 idagon

idagon
  • Topic Starter

  • Members
  • 4 posts
  • Local time:01:29 AM

Posted 15 April 2009 - 08:44 AM

Hi, thanks for the reply. I believe I have the system cleaned. Take a look at the log and see if you see anything. Thanks for the help.


DDS (Ver_09-03-16.01) - NTFSx86
Run by normal usage at 6:37:48.67 on Wed 04/15/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2814.2215 [GMT -8:00]

AV: Outpost Security Suite Pro *On-access scanning enabled* (Updated)
FW: Outpost Security Suite Pro *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Desktop Calendar\Desktop Calendar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\normal usage\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: Quick Tune: {a1a7e22d-1587-4230-8f16-081c68d21448} - c:\program files\agnitum\outpost security suite pro\ie_bar.dll
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [Desktop Calendar] c:\program files\desktop calendar\Desktop Calendar.exe
mRun: [SkyTel] SkyTel.EXE
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [AcronisTimounterMonitor] "c:\program files\acronis\trueimagehome\TimounterMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SansaDispatch] c:\program files\sandisk\sansa updater\SansaDispatch.exe
mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost security suite pro\feedback.exe" /dump:os_startup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute\vrie.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448} - c:\program files\agnitum\outpost security suite pro\ie_bar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\normal~1\applic~1\mozilla\firefox\profiles\ha4tnx10.default\
FF - prefs.js: browser.startup.homepage - hxxp://us.mc565.mail.yahoo.com/mc/showFolder;_ylt=AvKf.EtX_J6tUGEipu9Z.XRmk70X?&fid=EBAY&.rand=1714235237&da=0|http://mymail.operamail.com/scripts/common/home.main?a=8f98139853a8036d3126c7cdb1c10562821b5c3d709ad0e8decd6b131c1e2b3c8aa09cebe3d70fa72ff90436ec39f8ee6c033ed55af9b1e728791a3450903278244ce50264|http://www.google.com/
FF - component: c:\program files\mozilla firefox\components\FFComm.dll

============= SERVICES / DRIVERS ===============

R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-4-10 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2009-4-10 1604952]
R2 devdpl;devdpl;c:\windows\system32\drivers\devdpl.sys [2007-7-5 7168]
R2 litdpl;litdpl;c:\windows\system32\drivers\litdpl.sys [2007-7-5 4736]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-4-10 30864]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-4-10 257432]
R3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2009-4-10 33888]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-1-28 89600]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2009-4-10 1172880]
R3 VBFilt;VBFilt;c:\windows\system32\filt\VBFilt.dll [2009-4-10 234304]
S3 CyUsbNT;Cypress Manufacturing Driver;c:\windows\system32\drivers\CyUsbNT.sys [2005-2-16 28800]
S3 FTD2XX;FTD2XX.SYS FT8U2XX device driver;c:\windows\system32\drivers\FTD2XX.sys [2009-2-19 29292]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-11-30 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-11-30 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-11-20 23680]
S3 PCX500;Cisco Wireless LAN Adapters Driver;c:\windows\system32\drivers\pcx500.sys [2007-8-6 169984]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]

============== File Associations ===============

regfile="c:\program files\uniblue\spyeraser\spyeraser.exe" "%1" .reg
VBSFile="c:\program files\uniblue\spyeraser\spyeraser.exe" "%1" .vb1

=============== Created Last 30 ================

2009-04-14 15:28 37,290 a------- c:\windows\scunin.dat
2009-04-14 15:27 94,208 a------- c:\windows\ScUnin.exe
2009-04-14 15:27 967 a------- c:\windows\ScUnin.pif
2009-04-10 13:59 1,172,880 a------- c:\windows\system32\drivers\VBEngNT.sys
2009-04-10 13:59 704,384 a------- c:\windows\system32\drivers\SandBox.sys
2009-04-10 13:58 257,432 a------- c:\windows\system32\drivers\afwcore.sys
2009-04-10 13:58 49 a------- c:\windows\transp.gif
2009-04-10 13:58 30,864 a------- c:\windows\system32\drivers\afw.sys
2009-04-10 13:58 <DIR> --d----- c:\windows\system32\Filt
2009-04-10 13:58 <DIR> --d----- c:\program files\Agnitum
2009-04-10 13:58 <DIR> --d----- c:\docume~1\normal~1\applic~1\Agnitum
2009-04-10 13:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Agnitum
2009-04-09 16:56 438,272 a------- c:\windows\system32\AM4DLL.DLL
2009-04-09 07:08 <DIR> --d----- C:\autoruns
2009-04-09 06:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Uniblue
2009-04-09 06:17 20,232 a------- c:\windows\system32\AntiSpyNative64.exe
2009-04-09 06:17 16,648 a------- c:\windows\system32\AntiSpyNative32.exe
2009-04-06 11:37 <DIR> --d----- c:\program files\Marcos Velasco Security
2009-04-06 11:36 <DIR> --d----- c:\program files\CCleaner
2009-04-06 11:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-06 11:18 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-06 11:18 <DIR> --d----- c:\docume~1\normal~1\applic~1\SUPERAntiSpyware.com
2009-04-06 07:02 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-06 07:02 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 07:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 13:58 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-05 13:27 <DIR> --d----- c:\docume~1\normal~1\applic~1\PCToolsFirewallPlus
2009-04-05 11:30 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-05 11:30 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-05 09:10 <DIR> --d----- c:\docume~1\normal~1\applic~1\Malwarebytes
2009-04-05 09:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-05 09:04 <DIR> --d----- c:\program files\Debugging Tools for Windows (x86)
2009-04-03 07:04 16 a------- C:\asdict.dat
2009-04-03 03:50 977 a------- c:\windows\system32\BDUpdateV1.xml
2009-04-02 14:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SystemExplorer
2009-04-02 14:49 <DIR> --d----- c:\program files\System Explorer
2009-04-02 13:42 850 a------- c:\windows\system32\ProductTweaks.xml
2009-04-02 13:42 385 a------- c:\windows\system32\user_gensett.xml
2009-04-02 08:02 121 a------- c:\windows\bdagent.INI
2009-04-02 08:00 <DIR> --d----- c:\documents and settings\normal usage\DoctorWeb
2009-04-02 07:28 81,984 a------- c:\windows\system32\bdod.bin
2009-04-02 07:20 <DIR> --d----- c:\program files\BitDefender
2009-03-26 07:00 <DIR> --d----- c:\temp\HP_WebRelease
2009-03-17 19:37 4,096 a------- c:\windows\system32\crash

==================== Find3M ====================

2009-04-01 16:59 14,336 a------- c:\windows\system32\svchost.exe
2009-01-28 17:49 7,160,864 a------- C:\3DMark06_v110_patch.exe
2009-01-28 17:39 604,908,520 a------- C:\3DMark06_v102_installer.exe
2007-05-05 18:03 57,344 a------- c:\documents and settings\normal usage\iSetupNI.dll
2007-03-05 06:58 87,608 a------- c:\docume~1\normal~1\applic~1\ezpinst.exe
2007-03-05 06:58 47,360 a------- c:\docume~1\normal~1\applic~1\pcouffin.sys
2007-01-11 10:07 56,912 a------- c:\documents and settings\normal usage\g2mdlhlpx.exe

============= FINISH: 6:38:02.81 ===============

#5 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:04:29 AM

Posted 16 April 2009 - 10:07 AM

The only thing I see wrong is that you are using Adobe Acrobat 7.

I would uninstall Adobe Acrobat 7 and install Version 9.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#6 idagon

idagon
  • Topic Starter

  • Members
  • 4 posts
  • Local time:01:29 AM

Posted 16 April 2009 - 04:01 PM

Thanks Hoov

#7 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:04:29 AM

Posted 16 April 2009 - 09:17 PM

You are welcome!
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families
