-
Trojan horse infection
Hi there,
Computer effected by numerous Trojan Horses, have tried using a number of spyware, virus and Trojan Horse removers, but none are effective.
Sireref.AH and .AC is the main problem. Info as requested below. Please help me someone...
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mark Farmer 1 at 16:01:47 on 2012-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2815.1215 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\System Control Manager\MSIService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NCH Software\Talk\talk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Mark Farmer 1\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://www.aldi.com
mStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do-Not-Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0357.1\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [KiesTrayAgent]
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" -s
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [Google Update] "c:\users\mark farmer 1\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Spotify] "c:\users\mark farmer 1\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart
uRun: [4F1A88D1F60001C8FB17F68265AF572A1BD5547B._service_run] "c:\users\mark farmer 1\appdata\local\google\chrome\application\chrome.exe" --type=service
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0357.1\mswinext.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paintshop photo pro\x3\pspclassic\CorelIOMonitor.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Talk] "c:\program files\nch software\talk\talk.exe" -logon
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\markfa~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\markfa~2\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\citrix~1.lnk - c:\program files\citrix\secure access client\nsload.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\autoru~1\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DA58ACA7-18A6-403A-93DA-6E4172D43709} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {1803B9EF-9905-4F34-AFC4-05D1BAB28801} - hxxps://download.yahoo.com/dl/installs/bt/yregucfg.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} - hxxp://sitemonsterpro.domainmonster.com/Downloads/SWHTTPUploaderProj.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - hxxps://register.btinternet.com/templates/btwebcontrol028.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{4825EAED-17EA-4EAB-A0CC-4AE78EA087D3} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{4825EAED-17EA-4EAB-A0CC-4AE78EA087D3}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{4825EAED-17EA-4EAB-A0CC-4AE78EA087D3}\2445F40756E6A7F6E656 : DhcpNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{4825EAED-17EA-4EAB-A0CC-4AE78EA087D3}\4586F6D637F6E6736383836333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4825EAED-17EA-4EAB-A0CC-4AE78EA087D3}\75962756C6563737 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidsehx.sys [2011-12-23 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2012-2-24 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2012-3-29 72080]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-2-22 299472]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-19 176128]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-2-14 2316624]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2010-7-23 296808]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-11-14 217088]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-10 654408]
R2 Micro Star SCM;Micro Star SCM;c:\program files\system control manager\MSIService.exe [2010-6-24 160768]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2012-3-12 69640]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-6-19 5551104]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-6-19 176128]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-11-14 36640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-6 22344]
R3 Net6IM;Net6;c:\windows\system32\drivers\net6im51.sys [2009-7-23 73880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-3-21 362600]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-4-1 1009184]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-6-23 30392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2012-2-24 99728]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-2-14 5104992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 136176]
S2 mclogmanagerservice;Atimtag;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 pavatscheduler;Unrealircd;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-4-11 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-11-23 78136]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-28 136176]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2010-6-18 136304]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-9-15 807936]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-11-24 181432]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-6 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-24 1343400]
.
=============== Created Last 30 ================
.
2012-04-11 14:42:23 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{11f41e10-0f11-4a6a-aaa5-d7f75172f917}\offreg.dll
2012-04-11 14:23:30 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-11 14:23:13 -------- d-----w- c:\program files\STOPzilla!
2012-04-11 14:23:10 -------- d-----w- c:\program files\common files\iS3
2012-04-11 14:23:06 -------- d-----w- c:\programdata\STOPzilla!
2012-04-11 11:28:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-11 11:28:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-11 10:19:30 -------- d-----w- c:\users\mark farmer 1\appdata\roaming\AVG2012
2012-04-11 10:19:10 -------- d--h--w- c:\programdata\Common Files
2012-04-11 10:17:49 -------- d--h--w- C:\$AVG
2012-04-11 10:17:48 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-11 10:17:48 -------- d-----w- c:\programdata\AVG2012
2012-04-11 09:58:54 -------- d-----w- c:\program files\AVG
2012-04-11 09:58:04 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-11 09:50:52 -------- d-----w- c:\programdata\MFAData
2012-04-11 09:44:04 -------- d-----w- c:\users\mark farmer 1\appdata\local\{14B4618C-FA6D-43C8-A7CC-30CA1882EE6F}
2012-04-11 09:43:49 -------- d-----w- c:\users\mark farmer 1\appdata\local\{36B34D1D-88E6-4857-BACE-C7B5F5071B73}
2012-04-11 09:40:33 3867720 ----a-w- c:\users\mark farmer 1\avg_isct_stb_all_2012_2127_free.exe
2012-04-11 09:19:26 -------- d-----w- c:\windows\en
2012-04-11 09:09:16 89944 ----a-w- c:\program files\common files\windows live\.cache\c51a62181cd17c201\DSETUP.dll
2012-04-11 09:09:16 537432 ----a-w- c:\program files\common files\windows live\.cache\c51a62181cd17c201\DXSETUP.exe
2012-04-11 09:09:16 1801048 ----a-w- c:\program files\common files\windows live\.cache\c51a62181cd17c201\dsetup32.dll
2012-04-11 09:04:46 -------- d-----w- c:\users\mark farmer 1\appdata\local\{7AC99984-C657-426A-BC26-C59481CC011A}
2012-04-11 09:02:53 -------- d-----w- c:\users\mark farmer 1\appdata\local\{B13490C7-6FE4-4DEA-B70C-389A9454CCD1}
2012-04-11 08:42:07 -------- d-----w- c:\users\mark farmer 1\appdata\local\{E872289A-7DB3-406C-BBB6-743C16FE609B}
2012-04-11 08:40:26 -------- d-----w- c:\users\mark farmer 1\appdata\local\{AB1F747A-8C02-4DC1-BBF3-C33950758490}
2012-04-11 08:01:19 -------- d-----w- c:\users\mark farmer 1\appdata\local\{10D69062-5DCE-4F85-8602-EDFD80D6A8F9}
2012-04-11 07:41:46 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{11f41e10-0f11-4a6a-aaa5-d7f75172f917}\mpengine.dll
2012-04-10 15:38:02 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-10 15:18:51 711240 ----a-w- c:\windows\isRS-000.tmp
2012-04-10 12:26:00 -------- d-----w- c:\users\mark farmer 1\appdata\local\{F5BA1F5C-3F22-4CF1-B47F-0E6170230144}
2012-04-06 09:54:18 -------- d-----w- c:\users\mark farmer 1\appdata\local\Skybound
2012-04-05 22:11:32 -------- d-----w- c:\users\mark farmer 1\appdata\local\{44B5FC50-625D-45A2-8658-36106CCF1707}
2012-04-05 16:15:29 49152 ----a-w- c:\windows\system32\INETWH32.DLL
2012-04-05 16:15:29 28672 ----a-w- c:\windows\system32\nnr.dll
2012-04-05 16:15:29 1056768 ----a-w- c:\windows\system32\ROBOEX32.DLL
2012-04-05 14:04:14 -------- d-----w- c:\users\mark farmer 1\appdata\roaming\TeamViewer
2012-04-05 07:08:16 -------- d-----w- c:\program files\iPod
2012-04-04 12:13:38 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-04 12:13:26 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-04 12:13:22 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-29 15:36:48 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-03-27 16:29:04 -------- d-----w- c:\users\mark farmer 1\website work
2012-03-27 08:20:09 -------- d-----w- c:\users\mark farmer 1\appdata\local\{07834C60-DF10-4152-860B-0EDDE580AC16}
2012-03-26 20:19:27 -------- d-----w- c:\users\mark farmer 1\appdata\local\{E4D90F30-4397-49BA-B087-ABEF8C1587A3}
2012-03-26 20:19:03 -------- d-----w- c:\users\mark farmer 1\appdata\local\{39D66003-F953-4563-8F2E-3C5A2CA73E87}
2012-03-26 08:18:18 -------- d-----w- c:\users\mark farmer 1\appdata\local\{AA4127E7-11ED-4E18-87A1-8B1AC172ED39}
2012-03-25 18:27:37 -------- d-----w- c:\users\mark farmer 1\appdata\local\{4C0B02EB-0144-4F2D-B19D-4BEA6A193325}
2012-03-24 16:33:03 -------- d-----w- c:\users\mark farmer 1\appdata\local\{7AA57D26-C994-419A-8AC3-AFC24DA5EF61}
2012-03-23 08:11:38 -------- d-----w- c:\users\mark farmer 1\appdata\local\{4F73EE87-9224-42B8-9C5D-7CD6BE94CC0F}
2012-03-22 09:58:39 -------- d-----w- c:\windows\Cache
2012-03-22 09:54:41 -------- d-----w- c:\users\mark farmer 1\appdata\local\{F965A277-30A6-44EE-9442-4DEED6C953FF}
2012-03-20 16:54:50 -------- d-----w- c:\users\mark farmer 1\appdata\local\{576BA438-C90B-47D6-8E83-78AA7DBE6F70}
2012-03-20 16:53:55 -------- d-----w- c:\users\mark farmer 1\appdata\local\{B3A4D515-1E90-4A3A-85EA-2A3540EA9F7A}
2012-03-19 17:39:14 -------- d-----w- c:\users\mark farmer 1\appdata\roaming\KeyingTool
2012-03-19 17:14:52 -------- d-----w- c:\programdata\Ancestry.com
2012-03-19 17:12:56 -------- d-----w- c:\users\mark farmer 1\appdata\local\Downloaded Installations
2012-03-19 08:45:25 -------- d-----w- c:\users\mark farmer 1\appdata\local\{E7DAE62E-B180-4F5B-9261-170D8935B011}
2012-03-19 08:44:59 -------- d-----w- c:\users\mark farmer 1\appdata\local\{EACC384E-62DC-4E84-80AF-B2EA8963E913}
2012-03-18 14:49:26 -------- d-----w- c:\users\mark farmer 1\appdata\local\{55B73ABD-619A-423A-AB7C-47AA2E7E3220}
2012-03-17 09:09:17 -------- d-----w- c:\users\mark farmer 1\appdata\local\{BC428FAC-615F-4AA7-A776-C690C48E67D1}
2012-03-16 11:26:49 -------- d-----w- c:\users\mark farmer 1\appdata\local\{6C076E6D-0D0B-410D-B4F6-0088CFB1049C}
2012-03-16 11:26:24 -------- d-----w- c:\users\mark farmer 1\appdata\local\{C1BE37C1-F88D-45C2-8FEC-3888FE57A29E}
2012-03-15 11:10:47 -------- d-----w- c:\users\mark farmer 1\appdata\local\{0349B272-6579-465D-9C0A-7C65D3AAAD0E}
2012-03-15 11:10:25 -------- d-----w- c:\users\mark farmer 1\appdata\local\{B4DFDD4D-7ACE-4D21-8886-44A94A1AB718}
2012-03-15 10:12:34 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-15 10:12:32 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 20:43:08 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 20:43:05 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 20:42:33 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 20:42:33 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 20:42:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 20:42:29 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 20:42:29 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 20:42:28 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:16:36 27144 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-03-13 17:16:36 18440 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-03-13 17:13:35 -------- d-----w- c:\users\mark farmer 1\appdata\roaming\Downloaded Installations
2012-03-12 22:02:26 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
2012-03-12 22:00:40 508224 ----a-w- c:\windows\system32\ICCProfiles.dll
.
==================== Find3M ====================
.
2012-04-10 20:38:31 1890 --sha-w- c:\programdata\KGyGaAvL.sys
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 17:50:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2012-03-08 17:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-05 09:10:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-24 14:28:26 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
2012-02-24 14:28:26 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
2012-02-23 13:09:44 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
2012-02-23 13:09:42 390992 ----a-r- c:\windows\system32\IS3UI5.dll
2012-02-23 13:09:42 231248 ----a-r- c:\windows\system32\IS3Win325.dll
2012-02-23 13:09:40 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
2012-02-23 13:09:34 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
2012-02-23 13:09:34 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
2012-02-23 13:09:32 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
2012-02-23 13:09:32 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
2012-02-23 13:09:30 808784 ----a-r- c:\windows\system32\IS3Base5.dll
2012-02-22 04:25:52 299472 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-22 04:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-15 11:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 11:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 03:46:50 31952 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2012-01-19 09:22:20 42864 ----a-r- c:\windows\system32\SBBD.EXE
.
============= FINISH: 16:07:24.57 ===============
Also having problems with Tojan horse Hider.QFR
Last edited by tashi; 2012-04-12 at 04:02.
Reason: Merged two posts, helpers look for a zero response. :-)
-
Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR
You have Microsoft Security Essentials installed, but I am also looking at AVG Anti Virus, more than one AV is overkill and will severely hamper system performance, I would suggest you uninstall AVG
You also have a marker on your log for BitTorrentBar, file sharing of any kind is not recommended, your downloading that file from an unknown source and not all but the better percentage of them contain malware of one form or another, I would never allow any type of file sharing on any of my systems so I suggest you uninstall this one also.
Download TFC to your desktop
- Close any open windows.
- Double click the TFC icon to run the program
- TFC will close all open programs itself in order to run,
- Click the Start button to begin the process.
- Allow TFC to run uninterrupted.
- The program should not take long to finish it's job
- Once its finished it should automatically reboot your machine,
- if it doesn't, manually reboot to ensure a complete clean
Please download Malwarebytes from Here or Here
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform quick scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected .
- When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
-
Hi Malwarebytes was installed, but removed due to it not finding anything!
Stopzilla reports as attached.
-
-
How long does the scan normally take??!
I started the scan five hours ago and it is only 43 per cent of the way through!!
Is this normal?
How long does it usually take??
Thanks for the help so far,
Cheers,
Mark
-
Mark, depending on your system and can take an hour and sometimes much more, did you disable all the onboard AVs and any Spyware programs that you have ?
-
Windows updates effected
Hi many thanks for this, have now followed those steps and will see how things are. One thing I have noticed is that a load of windows updates seem to been deleted how the virus removal process and now when I try to update them, it downloads and updates them, but a few minutes after doing this says that they need to download and update again...not sure why this is happening???
-
Why dont you post here in there windows forum for help with Windows Updates.
http://forums.whatthetech.com/index.php?showforum=119
Like Safer this site is free but you will have to register, you can link them to this thread if you wish so they can see what we have done, I will leave this thread open for you for about a week so post back and let me know if they fixed it. And at that point if you feel your still having issues we can check further
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules