Results 1 to 2 of 2

Thread: Multiple Trojan Horses Please Help

  1. #1
    Junior Member
    Join Date
    Jun 2011
    Posts
    2

    Unhappy Multiple Trojan Horses Please Help

    I have multiple threats detected and I don't know what to do. Please help.
    They are for trojan horses sheur3 files. What do I need to do?
    Tried running dds.

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by HP G60 at 10:10:41 on 2011-06-07
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1979.763 [GMT -7:00]
    .
    AV: ESET Smart Security 4.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: ESET Smart Security 4.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\AVG\AVG10\avgsrmax.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\AVG\AVG PC Tuneup 2011\boostspeed.exe
    C:\Program Files\AVG\AVG10\avgsrmax.exe
    C:\Program Files\AVG\AVG10\avgui.exe
    C:\Users\HP G60\Desktop\22icln8n.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_Plugin.exe -update plugin
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 136.168.255.2 136.168.0.5 136.168.0.6
    TCP: Interfaces\{E6A2EC95-C551-400B-9D3A-361DC8A3E2BD} : DhcpNameServer = 136.168.255.2 136.168.0.5 136.168.0.6
    TCP: Interfaces\{E6A2EC95-C551-400B-9D3A-361DC8A3E2BD}\34355524 : DhcpNameServer = 136.168.255.2 136.168.0.5 136.168.0.6
    TCP: Interfaces\{E6A2EC95-C551-400B-9D3A-361DC8A3E2BD}\64C6578734163747 : DhcpNameServer = 192.168.10.2
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\hp g60\appdata\roaming\mozilla\firefox\profiles\qlvkyhsv.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dbf2f33&i=23&tp=ab&nt=1&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - plugin: c:\program files\byond\bin\npbyond.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\users\hp g60\appdata\local\flock\update\1.2.213.0\npFlockOneClick8.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]
    R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-7-29 41336]
    R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    .
    =============== Created Last 30 ================
    .
    2011-06-07 12:16:09 -------- d-----w- c:\users\hp g60\appdata\roaming\AVG
    2011-06-07 11:38:12 -------- d-----w- c:\programdata\Tarma Installer
    2011-06-07 11:38:11 -------- d-----w- c:\program files\PageRage
    2011-06-07 11:37:43 -------- d--h--w- C:\$AVG
    2011-06-05 02:56:32 -------- d-----w- c:\users\hp g60\appdata\local\Adobe
    2011-06-03 01:23:28 -------- d-----w- c:\program files\RPGMakerVX1.02
    2011-06-02 23:38:26 -------- d-----w- c:\users\hp g60\.thumbnails
    2011-06-02 23:37:05 -------- d-----w- c:\users\hp g60\appdata\roaming\Blender Foundation
    2011-06-02 23:36:55 -------- d-----w- c:\program files\Blender Foundation
    2011-06-02 23:28:01 -------- d-----w- c:\program files\blender-2.57b-windows32
    2011-06-02 23:07:34 -------- d-----w- c:\program files\Microsoft SQL Server
    2011-06-02 23:07:18 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2011-06-02 23:07:17 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-06-02 23:06:37 205984 ----a-w- c:\programdata\microsoft\vbexpress\10.0\1033\ResourceCache.dll
    2011-06-02 21:54:27 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2011-06-02 21:54:27 -------- d-----w- c:\program files\Microsoft Help Viewer
    2011-06-02 09:26:03 56 --sh--r- c:\windows\system32\74A4B76408.sys
    2011-06-02 09:25:58 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2011-06-02 09:21:26 -------- d-----w- c:\program files\common files\Enterbrain
    2011-06-02 09:09:09 -------- d-----w- c:\program files\Enterbrain
    2011-06-02 04:53:56 -------- d-----w- c:\program files\Toolkit3
    2011-06-02 04:50:29 -------- d-----w- c:\program files\RPG Maker XP
    2011-06-02 04:47:26 45056 ----a-r- c:\users\hp g60\appdata\roaming\microsoft\installer\{c471327b-ac5d-43de-8fd2-2a6c0e7f74ee}\GameBasic3D.chm_C471327BAC5D43DE8FD22A6C0E7F74EE_1.exe
    2011-06-02 04:47:26 335872 ----a-r- c:\users\hp g60\appdata\roaming\microsoft\installer\{c471327b-ac5d-43de-8fd2-2a6c0e7f74ee}\NewShortcut1_C471327BAC5D43DE8FD22A6C0E7F74EE.exe
    2011-06-02 04:47:25 -------- d-----w- c:\program files\Monarke Studios
    2011-06-01 08:53:13 -------- d-----w- c:\users\hp g60\appdata\local\Microsoft Games
    2011-05-26 05:11:36 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2011-05-26 05:08:21 -------- d-----w- c:\program files\PhotoshopCS5
    2011-05-19 07:08:45 -------- d-----w- c:\users\hp g60\appdata\local\intuit
    2011-05-19 05:29:21 -------- d-----w- c:\users\hp g60\appdata\roaming\Intuit
    2011-05-19 05:29:00 -------- d-----w- c:\program files\common files\supportsoft
    2011-05-19 04:59:40 1933312 ----a-w- c:\windows\system32\cdintf251.dll
    2011-05-19 04:54:26 -------- d-----w- c:\program files\common files\AnswerWorks 4.0
    2011-05-19 04:54:08 -------- d-----w- c:\programdata\Intuit
    2011-05-19 04:54:08 -------- d-----w- c:\program files\Intuit
    2011-05-19 04:54:08 -------- d-----w- c:\program files\common files\Intuit
    2011-05-19 04:11:19 -------- d-----w- c:\users\hp g60\appdata\local\ApplicationHistory
    2011-05-19 04:11:18 -------- d-----w- c:\program files\MSXML 4.0
    2011-05-19 04:08:41 -------- d-----w- c:\windows\system32\URTTEMP
    2011-05-18 07:42:54 -------- d-----w- c:\users\hp g60\appdata\local\SecondLife
    .
    ==================== Find3M ====================
    .
    2011-04-15 04:28:30 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2011-04-05 07:59:56 297168 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2011-03-16 23:03:20 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    .
    ============= FINISH: 10:12:00.41 ===============
    http://forums.spybot.info/showthread...846#post406846
    Last edited by tashi; 2011-06-08 at 00:09. Reason: Added link to other topic for additional info

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi Slite

    Which program finds those threats and where they are according to?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •