Thread: Trojan horse infection

  1. #1
    Junior Member
    Join Date: Apr 2012
    Posts: 6

    Trojan horse infection

    Hi there,
    Computer affected by numerous Trojan Horses, have tried using a number of spyware, virus and Trojan Horse removers, but none are effective.
    Sirefef.AH and .AC is the main problem. Info as requested below. Please help me someone...

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Mark Farmer 1 at 16:01:47 on 2012-04-11
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2815.1215 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Nuance\dgnsvc.exe
    C:\Windows\system32\FsUsbExService.Exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\System Control Manager\MSIService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\NLSSRV32.EXE
    C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k HPService
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\NCH Software\Talk\talk.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Users\Mark Farmer 1\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uDefault_Page_URL = hxxp://www.aldi.com
    mStart Page = about:blank
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [KiesTrayAgent]
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    uRun: [Google Update] "c:\users\mark farmer 1\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Spotify] "c:\users\mark farmer 1\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart
    uRun: [4F1A88D1F60001C8FB17F68265AF572A1BD5547B._service_run] "c:\users\mark farmer 1\appdata\local\google\chrome\application\chrome.exe" --type=service
    uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
    uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [Corel File Shell Monitor] c:\program files\corel\corel paintshop photo pro\x3\pspclassic\CorelIOMonitor.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Talk] "c:\program files\nch software\talk\talk.exe" -logon
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
    StartupFolder: c:\users\markfa~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\markfa~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\citrix~1.lnk - c:\program files\citrix\secure access client\nsload.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxps://download.yahoo.com/dl/installs/bt/yregucfg.cab
    DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} - hxxp://sitemonsterpro.domainmonster.com/Downloads/SWHTTPUploaderProj.cab
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxps://register.btinternet.com/templates/btwebcontrol028.cab
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{4825EAED-17EA-4EAB-A0CC-4AE78EA087D3} : DhcpNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{4825EAED-17EA-4EAB-A0CC-4AE78EA087D3}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{4825EAED-17EA-4EAB-A0CC-4AE78EA087D3}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{4825EAED-17EA-4EAB-A0CC-4AE78EA087D3}\4586F6D637F6E6736383836333 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{4825EAED-17EA-4EAB-A0CC-4AE78EA087D3}\75962756C6563737 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [2011-12-23 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-3-29 72080]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 299472]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-19 176128]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-2-14 2316624]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-11-14 217088]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-10 654408]
    R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2010-6-24 160768]
    R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-3-12 69640]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-6-19 5551104]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-6-19 176128]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-14 36640]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-6 22344]
    R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2009-7-23 73880]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-1 1009184]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-6-23 30392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-2-14 5104992]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 136176]
    S2 mclogmanagerservice;Atimtag;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S2 pavatscheduler;Unrealircd;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-4-11 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-11-23 78136]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 136176]
    S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-6-18 136304]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-9-15 807936]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-11-24 181432]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-6 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-24 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-04-11 14:42:23 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{11f41e10-0f11-4a6a-aaa5-d7f75172f917}\offreg.dll
    2012-04-11 14:23:30 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-04-11 14:23:13 -------- d-----w- c:\program files\STOPzilla!
    2012-04-11 14:23:10 -------- d-----w- c:\program files\common files\iS3
    2012-04-11 14:23:06 -------- d-----w- c:\programdata\STOPzilla!
    2012-04-11 11:28:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-04-11 11:28:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-04-11 10:19:30 -------- d-----w- c:\users\mark farmer 1\appdata\roaming\AVG2012
    2012-04-11 10:19:10 -------- d--h--w- c:\programdata\Common Files
    2012-04-11 10:17:49 -------- d--h--w- C:\$AVG
    2012-04-11 10:17:48 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-04-11 10:17:48 -------- d-----w- c:\programdata\AVG2012
    2012-04-11 09:58:54 -------- d-----w- c:\program files\AVG
    2012-04-11 09:58:04 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
    2012-04-11 09:50:52 -------- d-----w- c:\programdata\MFAData
    2012-04-11 09:44:04 -------- d-----w- c:\users\mark farmer 1\appdata\local\{14B4618C-FA6D-43C8-A7CC-30CA1882EE6F}
    2012-04-11 09:43:49 -------- d-----w- c:\users\mark farmer 1\appdata\local\{36B34D1D-88E6-4857-BACE-C7B5F5071B73}
    2012-04-11 09:40:33 3867720 ----a-w- c:\users\mark farmer 1\avg_isct_stb_all_2012_2127_free.exe
    2012-04-11 09:19:26 -------- d-----w- c:\windows\en
    2012-04-11 09:09:16 89944 ----a-w- c:\program files\common files\windows live\.cache\c51a62181cd17c201\DSETUP.dll
    2012-04-11 09:09:16 537432 ----a-w- c:\program files\common files\windows live\.cache\c51a62181cd17c201\DXSETUP.exe
    2012-04-11 09:09:16 1801048 ----a-w- c:\program files\common files\windows live\.cache\c51a62181cd17c201\dsetup32.dll
    2012-04-11 09:04:46 -------- d-----w- c:\users\mark farmer 1\appdata\local\{7AC99984-C657-426A-BC26-C59481CC011A}
    2012-04-11 09:02:53 -------- d-----w- c:\users\mark farmer 1\appdata\local\{B13490C7-6FE4-4DEA-B70C-389A9454CCD1}
    2012-04-11 08:42:07 -------- d-----w- c:\users\mark farmer 1\appdata\local\{E872289A-7DB3-406C-BBB6-743C16FE609B}
    2012-04-11 08:40:26 -------- d-----w- c:\users\mark farmer 1\appdata\local\{AB1F747A-8C02-4DC1-BBF3-C33950758490}
    2012-04-11 08:01:19 -------- d-----w- c:\users\mark farmer 1\appdata\local\{10D69062-5DCE-4F85-8602-EDFD80D6A8F9}
    2012-04-11 07:41:46 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{11f41e10-0f11-4a6a-aaa5-d7f75172f917}\mpengine.dll
    2012-04-10 15:38:02 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-04-10 15:18:51 711240 ----a-w- c:\windows\isRS-000.tmp
    2012-04-10 12:26:00 -------- d-----w- c:\users\mark farmer 1\appdata\local\{F5BA1F5C-3F22-4CF1-B47F-0E6170230144}
    2012-04-06 09:54:18 -------- d-----w- c:\users\mark farmer 1\appdata\local\Skybound
    2012-04-05 22:11:32 -------- d-----w- c:\users\mark farmer 1\appdata\local\{44B5FC50-625D-45A2-8658-36106CCF1707}
    2012-04-05 16:15:29 49152 ----a-w- c:\windows\system32\INETWH32.DLL
    2012-04-05 16:15:29 28672 ----a-w- c:\windows\system32\nnr.dll
    2012-04-05 16:15:29 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
    2012-04-05 14:04:14 -------- d-----w- c:\users\mark farmer 1\appdata\roaming\TeamViewer
    2012-04-05 07:08:16 -------- d-----w- c:\program files\iPod
    2012-04-04 12:13:38 23376 ----a-r- c:\windows\system32\SZIO5.dll
    2012-04-04 12:13:26 546640 ----a-r- c:\windows\system32\SZComp5.dll
    2012-04-04 12:13:22 481104 ----a-r- c:\windows\system32\SZBase5.dll
    2012-03-29 15:36:48 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
    2012-03-27 16:29:04 -------- d-----w- c:\users\mark farmer 1\website work
    2012-03-27 08:20:09 -------- d-----w- c:\users\mark farmer 1\appdata\local\{07834C60-DF10-4152-860B-0EDDE580AC16}
    2012-03-26 20:19:27 -------- d-----w- c:\users\mark farmer 1\appdata\local\{E4D90F30-4397-49BA-B087-ABEF8C1587A3}
    2012-03-26 20:19:03 -------- d-----w- c:\users\mark farmer 1\appdata\local\{39D66003-F953-4563-8F2E-3C5A2CA73E87}
    2012-03-26 08:18:18 -------- d-----w- c:\users\mark farmer 1\appdata\local\{AA4127E7-11ED-4E18-87A1-8B1AC172ED39}
    2012-03-25 18:27:37 -------- d-----w- c:\users\mark farmer 1\appdata\local\{4C0B02EB-0144-4F2D-B19D-4BEA6A193325}
    2012-03-24 16:33:03 -------- d-----w- c:\users\mark farmer 1\appdata\local\{7AA57D26-C994-419A-8AC3-AFC24DA5EF61}
    2012-03-23 08:11:38 -------- d-----w- c:\users\mark farmer 1\appdata\local\{4F73EE87-9224-42B8-9C5D-7CD6BE94CC0F}
    2012-03-22 09:58:39 -------- d-----w- c:\windows\Cache
    2012-03-22 09:54:41 -------- d-----w- c:\users\mark farmer 1\appdata\local\{F965A277-30A6-44EE-9442-4DEED6C953FF}
    2012-03-20 16:54:50 -------- d-----w- c:\users\mark farmer 1\appdata\local\{576BA438-C90B-47D6-8E83-78AA7DBE6F70}
    2012-03-20 16:53:55 -------- d-----w- c:\users\mark farmer 1\appdata\local\{B3A4D515-1E90-4A3A-85EA-2A3540EA9F7A}
    2012-03-19 17:39:14 -------- d-----w- c:\users\mark farmer 1\appdata\roaming\KeyingTool
    2012-03-19 17:14:52 -------- d-----w- c:\programdata\Ancestry.com
    2012-03-19 17:12:56 -------- d-----w- c:\users\mark farmer 1\appdata\local\Downloaded Installations
    2012-03-19 08:45:25 -------- d-----w- c:\users\mark farmer 1\appdata\local\{E7DAE62E-B180-4F5B-9261-170D8935B011}
    2012-03-19 08:44:59 -------- d-----w- c:\users\mark farmer 1\appdata\local\{EACC384E-62DC-4E84-80AF-B2EA8963E913}
    2012-03-18 14:49:26 -------- d-----w- c:\users\mark farmer 1\appdata\local\{55B73ABD-619A-423A-AB7C-47AA2E7E3220}
    2012-03-17 09:09:17 -------- d-----w- c:\users\mark farmer 1\appdata\local\{BC428FAC-615F-4AA7-A776-C690C48E67D1}
    2012-03-16 11:26:49 -------- d-----w- c:\users\mark farmer 1\appdata\local\{6C076E6D-0D0B-410D-B4F6-0088CFB1049C}
    2012-03-16 11:26:24 -------- d-----w- c:\users\mark farmer 1\appdata\local\{C1BE37C1-F88D-45C2-8FEC-3888FE57A29E}
    2012-03-15 11:10:47 -------- d-----w- c:\users\mark farmer 1\appdata\local\{0349B272-6579-465D-9C0A-7C65D3AAAD0E}
    2012-03-15 11:10:25 -------- d-----w- c:\users\mark farmer 1\appdata\local\{B4DFDD4D-7ACE-4D21-8886-44A94A1AB718}
    2012-03-15 10:12:34 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-03-15 10:12:32 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-03-14 20:43:08 2343424 ----a-w- c:\windows\system32\win32k.sys
    2012-03-14 20:43:05 1077248 ----a-w- c:\windows\system32\DWrite.dll
    2012-03-14 20:42:33 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-03-14 20:42:33 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-03-14 20:42:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-03-14 20:42:29 826880 ----a-w- c:\windows\system32\rdpcore.dll
    2012-03-14 20:42:29 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-03-14 20:42:28 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-03-13 17:16:36 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
    2012-03-13 17:16:36 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
    2012-03-13 17:13:35 -------- d-----w- c:\users\mark farmer 1\appdata\roaming\Downloaded Installations
    2012-03-12 22:02:26 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
    2012-03-12 22:00:40 508224 ----a-w- c:\windows\system32\ICCProfiles.dll
    .
    ==================== Find3M ====================
    .
    2012-04-10 20:38:31 1890 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-08 17:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2012-03-08 17:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
    2012-03-05 09:10:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-24 14:28:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
    2012-02-24 14:28:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
    2012-02-23 13:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
    2012-02-23 13:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll
    2012-02-23 13:09:42 231248 ----a-r- c:\windows\system32\IS3Win325.dll
    2012-02-23 13:09:40 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
    2012-02-23 13:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
    2012-02-23 13:09:34 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
    2012-02-23 13:09:32 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
    2012-02-23 13:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
    2012-02-23 13:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll
    2012-02-22 04:25:52 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-02-22 04:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-02-15 11:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 11:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-31 03:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2012-01-19 09:22:20 42864 ----a-r- c:\windows\system32\SBBD.EXE
    .
    ============= FINISH: 16:07:24.57 ===============

    Also having problems with Trojan horse Hider.QFR
    Last edited by tashi; 2012-04-12 at 03:02. Reason: Merged two posts, helpers look for a zero response. :-)
