Sign in to follow this  
Followers 0
vrp14

svchost.exe

5 posts in this topic

Hello,

I am cleaning up my brother's computer and have gotten down to these last two things that I can't get rid of without some help. Any light you can shed on this would be appreciated.

Val

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6480

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

4/30/2011 9:02:50 PM

mbam-log-2011-04-30 (21-02-50).txt

Scan type: Quick scan

Objects scanned: 133361

Time elapsed: 3 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Jason Perez at 21:26:51.95 on Sat 04/30/2011

Internet Explorer: 7.0.5730.13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.612 [GMT -4:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\IDT\WDM\STacSV.exe

svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\sttray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Documents and Settings\Jason Perez\Desktop\dds.com

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.Yahoo.com

uDefault_Page_URL = hxxp://www.Yahoo.com

mDefault_Page_URL = hxxp://www.Yahoo.com

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Jason Perez] c:\documents and settings\jason perez\Jason Perez.exe /i

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [iDTSysTrayApp] sttray.exe

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-4-30 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-4-30 135336]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-4-30 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-4-30 61960]

R2 viewpoint manager service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-4-9 24652]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-12-19 112128]

S1 607eaf00;607eaf00;c:\windows\system32\drivers\607eaf00.sys --> c:\windows\system32\drivers\607eaf00.sys [?]

.

=============== Created Last 30 ================

.

2011-05-01 01:16:48 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-01 01:16:47 -------- d-----w- c:\program files\Avira

2011-05-01 01:16:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-04-30 00:41:37 -------- d-----w- c:\docume~1\jasonp~1\applic~1\Malwarebytes

2011-04-30 00:31:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-30 00:31:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-04-30 00:31:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-30 00:31:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-04-30 00:19:05 -------- d-----w- c:\docume~1\jasonp~1\locals~1\applic~1\Viewpoint

2011-04-03 03:50:09 -------- d-----w- c:\program files\common files\Viewpoint

.

==================== Find3M ====================

.

.

============= FINISH: 21:27:55.85 ===============

ark.zip

Attach.zip

Share this post


Link to post
Share on other sites

THank you, this has rid me of those last two items.

Thanks,

Val

Share this post


Link to post
Share on other sites

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.