
Author Topic: A bunch of Trojans found all of a sudden  (Read 15656 times)


Technoid

  • Guest
A bunch of Trojans found all of a sudden
« on: March 29, 2013, 10:16:11 PM »
I was trying to find files created on a specific date, and I downloaded the new version of the Windows Desktop Search. It was indexing the drive, and I left it alone to do that and when I got back on it a thing popped up from my AVG saying it blocked a bunch of trojan horses. I don't know if it has anything to do with WDS or it indexing or what.

The locations of them are:

c:\Monitor Documentaion\Adobe Acrobat 7.0 Professional\Adobe Acrobat 7.0
Professional\Adobe_Acrobat_7.0_Professional_Keygen\pdx-ac7p.exe

c:\DownLoads\Adobe Acrobat 7.0 Professional\Adobe Acrobat 7.0
Professional\Adobe_Acrobat_7.0_Professional_Keygen\pdx-ac7p.exe

c:\NotesSQL\Adobe Acrobat 7.0 Professional\Adobe Acrobat 7.0
Professional\Adobe_Acrobat_7.0_Professional_Keygen\pdx-ac7p.exe

c:\lotus\Adobe Acrobat 7.0 Professional\Adobe Acrobat 7.0
Professional\Adobe_Acrobat_7.0_Professional_Keygen\pdx-ac7p.exe

My backup program messed up and copied files to my computer, and I think the same files in different folders, which is why Adobe Acrobat stuff is in lotus, though it could be the virus?

All of them are "Trojan horse PSW.Generic10.CHKG".
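The four detections above are the same file copied into four different folders, which is why the poster's backup program is the likely source rather than an infection spreading. The defensive question is how many copies of that exact file exist and where, so that every copy is removed rather than just the ones the scanner happened to see. The following script is an added example, not code from the thread or from any tool named in it: it walks a directory tree, buckets files by size, hashes only the candidate duplicates with SHA-256, and reports every group of identical files. It also answers the narrower question "where are all copies of a file with this hash" (the kind of hash an AV report lists). The sample tree it builds is constructed here with placeholder bytes, reusing the folder layout from the post; `pdx-ac7p.exe` in the sample is just a name, not a real binary.

```python
"""Find every copy of a file across a directory tree by content hash.

Added example (not from the thread): the same flagged file was copied
into four folders by a backup program. Hashing file contents finds all
copies regardless of folder or filename.
"""
import hashlib
import os
import tempfile
from collections import defaultdict


def hash_file(path, chunk_size=1 << 16):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def find_duplicates(root, min_size=1):
    """Group files under root by content hash.

    Files are first bucketed by size (cheap); only buckets holding more
    than one file are hashed. Returns {sha256: [sorted paths]} for every
    hash that occurs more than once.
    """
    by_size = defaultdict(list)
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(p)
            except OSError:
                continue  # unreadable or vanished between listing and stat
            if size >= min_size:
                by_size[size].append(p)

    by_hash = defaultdict(list)
    for paths in by_size.values():
        if len(paths) < 2:
            continue  # a unique size cannot be a duplicate
        for p in paths:
            try:
                by_hash[hash_file(p)].append(p)
            except OSError:
                continue
    return {h: sorted(ps) for h, ps in by_hash.items() if len(ps) > 1}


def copies_of(root, known_hash):
    """Return every path under root whose SHA-256 equals known_hash
    (for instance a hash taken from an AV report). Hashes every file."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = os.path.join(dirpath, name)
            try:
                if hash_file(p) == known_hash:
                    hits.append(p)
            except OSError:
                continue
    return sorted(hits)


def build_sample_tree(base):
    """Constructed sample tree: identical placeholder bytes written under
    the four top-level folders from the post, plus one unrelated file.
    Returns the SHA-256 of the placeholder so callers can look it up."""
    payload = b"PLACEHOLDER-FLAGGED-FILE-CONTENT"  # constructed, not a real binary
    sub = os.path.join("Adobe Acrobat 7.0 Professional",
                       "Adobe_Acrobat_7.0_Professional_Keygen")
    for top in ("Monitor Documentaion", "DownLoads", "NotesSQL", "lotus"):
        d = os.path.join(base, top, sub)
        os.makedirs(d, exist_ok=True)
        with open(os.path.join(d, "pdx-ac7p.exe"), "wb") as f:
            f.write(payload)
    with open(os.path.join(base, "readme.txt"), "wb") as f:
        f.write(b"unrelated file")
    return hashlib.sha256(payload).hexdigest()


def demo():
    """Build the sample tree in a temp dir and run both searches.
    Returns (flagged_hash, duplicate_groups, paths_matching_flagged_hash)."""
    with tempfile.TemporaryDirectory() as tmp:
        flagged = build_sample_tree(tmp)
        groups = find_duplicates(tmp)
        return flagged, groups, copies_of(tmp, flagged)


if __name__ == "__main__":
    flagged, groups, hits = demo()
    for digest, paths in groups.items():
        print(f"{digest[:16]}... appears {len(paths)} times:")
        for p in paths:
            print("   ", p)
    print("copies matching the flagged hash:", len(hits))
```

Run it as a script to see the four copies grouped under one hash; point `find_duplicates` at a real drive root to get the same report for your own files. The size bucketing keeps it practical on a full disk, since most files are never hashed.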

Allan

  • Moderator

  • Mastermind
  • Thanked: 1260
  • Experience: Guru
  • OS: Windows 10
Re: A bunch of Trojans found all of a sudden
« Reply #1 on: March 30, 2013, 04:47:02 AM »
You've obviously downloaded a cracked version of Acrobat and AVG sees the keygen as a potentially harmful file. We do not offer support on illegally obtained software, but all you need to do is delete the cracked download -- and you should uninstall the illegally obtained software.

Technoid

  • Guest
Re: A bunch of Trojans found all of a sudden
« Reply #2 on: March 30, 2013, 09:59:34 AM »
I'm pretty sure it's from adobe.com.. It was installed before I started using the computer, so it either came with it or my dad installed it when he was using it, and I don't think he would do that.. As I said, it's been installed on the computer since forever, and I've used it a lot, and updated it from the official Adobe site. So why all of a sudden would AVG find the keygen as a harmful file? What's a keygen anyway?

SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: A bunch of Trojans found all of a sudden
« Reply #3 on: March 30, 2013, 11:51:10 AM »
A key generator is a way to get pirated software to run. Please run this scanner to find where they are.

Download CKScanner by askey127 to your desktop.

* Double click CKScanner.exe and click Search For Files
* After a very short time, when the cursor hourglass disappears, click Save List To File
* A message box will verify the file saved.
* There will now be a file called CKFiles.txt on your desktop.
* Copy and paste the contents of CKFiles.txt in your next reply.
Windows 8 and Windows 10 dual boot with two SSD's

Technoid

  • Guest
Re: A bunch of Trojans found all of a sudden
« Reply #4 on: March 30, 2013, 12:29:31 PM »
That link is broken, it says 404 error not found.

Technoid

  • Guest
Re: A bunch of Trojans found all of a sudden
« Reply #5 on: March 30, 2013, 09:40:55 PM »
When I was clearing out the recycle bins, AVG found the same kind of trojan horses in a few .EXE files with a bunch of numbers in C:\RECYCLER\NPROTECT. I don't know if that's from the other stuff or what.

Whitebeard1



    Intermediate

    Thanked: 2
    • Computer: Specs
    • Experience: Familiar
    • OS: Mac OS
    Re: A bunch of Trojans found all of a sudden
    « Reply #6 on: March 31, 2013, 03:00:05 AM »
    First, AVG often sees EXE files as potentially dangerous files. So it is not that big a deal if it is an EXE file. If your AVG has blocked the trojan horse files, it is fine as long as it is moved or removed into the virus vault (the place where all malware are "imprisoned"). But if it is a program you want to use, delete the whole program, and download a new one. I hope it helps.  :)
    Computers follow your orders, not your intentions.

    Technoid

    • Guest
    Re: A bunch of Trojans found all of a sudden
    « Reply #7 on: March 31, 2013, 07:44:32 AM »
    I've never had AVG do that, it finds corrupted ones and calls them "infected", but it's never thought one was a trojan horse before.

    I would normally just let AVG put it in the vault and go on, like if I go to a website and it detects something I just let it block it or put it in the vault or whatever and don't go on that site anymore, but this was already on the computer and I have no idea why AVG didn't find it earlier, and like I said they came up again, so I don't know if they are still there or what.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: A bunch of Trojans found all of a sudden
    « Reply #8 on: March 31, 2013, 12:33:03 PM »
    Sorry, I haven't used that scanner for some time and apparently, it has been pulled and I don't have another such scanner. Let's run some scans and see what turns up.

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Search.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Download Security Check by screen317 from one of the following links and save it to your desktop.

    Link 1
    Link 2

    * Double-click Security Check.bat
    * Follow the on-screen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt
    * Post the contents of that document in your next reply.

    Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
    Windows 8 and Windows 10 dual boot with two SSD's

    Technoid

    • Guest
    Re: A bunch of Trojans found all of a sudden
    « Reply #9 on: March 31, 2013, 10:50:43 PM »
    Here it all is:

    # AdwCleaner v2.115 - Logfile created 03/31/2013 at 14:08:48
    # Updated 17/03/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Michael - D9V50P91
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Michael\Desktop\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    Folder Found : C:\Documents and Settings\Michael\Application Data\AVG Secure Search
    Folder Found : C:\Documents and Settings\Michael\Application Data\iWin
    Folder Found : C:\Documents and Settings\Michael\Local Settings\Application Data\AVG Secure Search
    Folder Found : C:\Program Files\AVG Secure Search
    Folder Found : C:\Program Files\Common Files\AVG Secure Search

    ***** [Registry] *****

    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKU\S-1-5-21-1703037801-221494611-3155105034-1007\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v3.0.11 (en-US)

    File : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\p7x50nmm.default\prefs.js

    Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={1F4641BF-AA97-4491-A26D-544D6B161729}&m[...]

    -\\ Google Chrome v26.0.1410.43

    File : C:\Documents and Settings\Michael\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Found [l.49] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
    Found [l.52] : keyword = "isearch.avg.com",
    Found [l.55] : search_url = "hxxps://isearch.avg.com/search?cid={75A103B2-8237-443B-B103-5902BACA6F33}&mid=1bcd16cf2ea841ad99238ce3ef7e6124-7b3ac5262ad4d23018fbe77b2db6b06ea1bdc4a4&lang=en&ds=AVG&pr=fr&d=2011-10-10 10:34:41&v=12.2.5.32&sap=dsp&q={searchTerms}",

    *************************

    AdwCleaner[R1].txt - [7306 octets] - [24/12/2012 20:48:00]
    AdwCleaner[R2].txt - [7993 octets] - [26/12/2012 12:27:12]
    AdwCleaner[R4].txt - [5664 octets] - [31/03/2013 14:08:48]
    AdwCleaner[S1].txt - [7918 octets] - [27/12/2012 15:24:10]

    ########## EOF - C:\AdwCleaner[R4].txt - [5784 octets] ##########


    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.03.31.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Michael :: D9V50P91 [administrator]

    3/31/2013 2:14:47 PM
    mbam-log-2013-03-31 (14-14-47).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 437525
    Time elapsed: 4 hour(s), 7 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


     Results of screen317's Security Check version 0.99.61 
     Windows XP Service Pack 3 x86   
     Internet Explorer 8 
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled! 
    Authentium Antivirus             
    AVG AntiVirus Free Edition 2013   
    ECHO is off.
    EarthLink Anti-virus             
     Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
     Out of date Spybot installed!
     MVPS Hosts File 
     Spybot - Search & Destroy 1.4
     Spybot - Search & Destroy
     Malwarebytes Anti-Malware version 1.70.0.1100 
     Java(TM) 6 Update 15 
     Java(TM) SE Runtime Environment 6 Update 1
     Java(TM) 6 Update 2 
     Java 2 Runtime Environment, SE v1.4.2_03
     Java version out of Date!
     Adobe Flash Player 10 Flash Player out of Date!
     Adobe Reader XI 
     Mozilla Firefox (3.0.11) Firefox out of Date! 
     Google Chrome 25.0.1364.172 
     Google Chrome 26.0.1410.43 
    ````````Process Check: objlist.exe by Laurent````````
     AVG avgwdsvc.exe
     AVG avgrsx.exe
     AVG avgnsx.exe
     AVG avgemc.exe
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````


    I updated Spybot right before I posted this, and I'm going to defrag once this gets cleared up.

    Also, when I left MBAM alone to scan, when I came back after it was done and said no malicious items were detected, another AVG thing came up saying it found the exact same four trojan horses, only this time it was in the "C:\System volume information" folder. They were EXE's that started with "restore" and then a bunch of letters and numbers. I have no idea why MBAM did not find this, as AVG said it blocked them, but needed my approval to remove them.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: A bunch of Trojans found all of a sudden
    « Reply #10 on: April 01, 2013, 12:57:17 PM »
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    ***********************************************
    The log shows that you have three AVs on your computer: Authentium Antivirus, AVG AntiVirus Free Edition 2013 and EarthLink Anti-virus. Please make sure that only one is active at any time or they will cause conflicts.


    Update Your Java (JRE)

    Old versions of Java have vulnerabilities that malware can use to infect your system.


    First Verify your Java Version

    If there are any other version(s) installed then update now.

    Get the new version (if needed)

    If your version is out of date install the newest version of the Sun Java Runtime Environment.

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close ALL open web browsers before starting the installation.

    Remove any old versions

    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.
    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    ************************************************
    Update your Adobe Reader. get.adobe.com/reader.

    Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

    *********************************************
    Download Combofix from any of the links below, and save it to your DESKTOP
    If your version of Windows defaults to your download folder you will need to copy it to your desktop.

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's
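The reply above reads the Security Check output by eye and draws two defensive conclusions: three antivirus products are installed at once (conflicts and false alerts), and Java, Flash and Firefox are out of date (exploitable versions). The script below is an added example, not code from the thread or from the Security Check tool's author: it parses a Security Check style log into its backtick-delimited sections, counts the antivirus entries, and collects every "out of date" line, so the same triage can be done mechanically over many logs. The sample log is constructed here, modelled on the format posted in the thread; the section titles and noise lines it recognises are taken from that log and are the only ones it knows about.

```python
"""Triage a screen317 Security Check style log.

Added example (not from the thread or the tool): split the log into its
sections, count antivirus products, and flag out-of-date software and
disabled real-time scanning.
"""
import re

# A section header is a line of backticks, a title, then more backticks,
# e.g. ``````Antivirus/Firewall Check:``````
SECTION_RE = re.compile(r"^`+\s*(.*?)\s*:?`+$")

# Lines in the antivirus section that are status messages, not products.
AV_NOISE = ("Windows Firewall Enabled!", "Antivirus up to date!", "ECHO is off.")

# Constructed sample, modelled on the log format in the thread.
SAMPLE_LOG = """\
 Results of screen317's Security Check version 0.99.61
 Windows XP Service Pack 3 x86
 Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
Authentium Antivirus
AVG AntiVirus Free Edition 2013
ECHO is off.
EarthLink Anti-virus
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Out of date Spybot installed!
 Malwarebytes Anti-Malware version 1.70.0.1100
 Java(TM) 6 Update 15
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Mozilla Firefox (3.0.11) Firefox out of Date!
````````````````````End of Log``````````````````````
"""


def parse_sections(text):
    """Return {section_title: [lines]}; lines before the first header go
    under 'Header'. Blank lines and forum BBCode residue are dropped."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip().replace("[/u]", "")
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).rstrip(":")
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def assess(sections):
    """Derive findings from parsed sections."""
    av_lines = sections.get("Antivirus/Firewall Check", [])
    av_products = [l for l in av_lines
                   if not any(l.startswith(n) for n in AV_NOISE)]
    out_of_date = [l for lines in sections.values() for l in lines
                   if "out of date" in l.lower()]
    findings = []
    if len(av_products) > 1:
        findings.append(f"{len(av_products)} antivirus products installed: "
                        + ", ".join(av_products))
    if any("On Access scanning disabled" in l for l in av_lines):
        findings.append("real-time (on-access) scanning is disabled")
    for l in out_of_date:
        findings.append("outdated: " + l)
    return {"av_products": av_products,
            "out_of_date": out_of_date,
            "findings": findings}


def triage(text):
    """Parse and assess a log in one call."""
    return assess(parse_sections(text))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

On the sample log this reports three antivirus products, disabled on-access scanning, and four outdated items (Spybot, Java, Flash, Firefox), which is exactly the list the reply above extracted by hand. Feed it a real checkup.txt by reading the file into `triage`.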

    Technoid

    • Guest
    Re: A bunch of Trojans found all of a sudden
    « Reply #11 on: April 01, 2013, 05:16:17 PM »
    I do not know how to access Authentium Antivirus or EarthLink Anti-virus. Any idea where I could find them? Authentium Antivirus is not in the Program Files folder as far as I can tell, there's a folder called Earthlink and a folder called Earthlink Total Access, but it doesn't look like the entire program's files are in there.

    When I go to verify my Java version, when I click verify it says "a malfunctioning or malicious add-on has caused internet explorer to close this webpage." On my other computer it tells me when there's a new version and asks me if I want to download it. If I click download it says nothing about removing the old version. Also I checked the settings for Java on this computer and it's set to notify me too, but it never has. What do you mean "If there are any other version(s) installed then update now."?

    AVG detected adwcleaner, but it just said "unknown". I've run it before and I don't think AVG found it. I just told it to add it to the exceptions list. When I restarted the computer and the adwcleaner log came up, some command prompt thing came up, I think it deleted a file that it needed to once it restarted. AVG also found the cmd.exe, saying it was "unknown" too. I added cmd.exe to the exceptions list too.. Perhaps AVG is just freaking out for some reason?

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: A bunch of Trojans found all of a sudden
    « Reply #12 on: April 02, 2013, 10:34:57 AM »
    Quote
    I do not know how to access Authentium Antivirus or EarthLink Anti-virus. Any idea where I could find them?
    If you can't access Authentium AV run ComboFix with it enabled. It won't bother very much. EarthLink AV is probably with your Internet Service Provider, for which you are probably paying a monthly fee. You will have to contact them if you no longer wish to use it.
    Quote
    AVG detected adwcleaner, but it just said "unknown". I've run it before and I don't think AVG found it. I just told it to add it to the exceptions list. When I restarted the computer and the adwcleaner log came up, some command prompt thing came up, I think it deleted a file that it needed to once it restarted. AVG also found the cmd.exe, saying it was "unknown" too. I added cmd.exe to the exceptions list too.. Perhaps AVG is just freaking out for some reason?
    I would dump AVG in a heartbeat and download another one that's not a resource-hog. I like MSE because it is user-friendly.

    Remember to only install one antivirus!
     
    1) Avast! Home Edition
    2) AVG Free Edition
    3) Avira AntiVir Personal
    4) Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
    4-a) Microsoft Security Essentials for Windows XP
    5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
    6) PC Tools AntiVirus Free Edition

    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

    Please try to run ComboFix and post the log. We'll deal with Java later on.
    Windows 8 and Windows 10 dual boot with two SSD's

    Technoid

    • Guest
    Re: A bunch of Trojans found all of a sudden
    « Reply #13 on: April 06, 2013, 08:45:37 AM »
    Unless it's included in the internet bill, I don't think I'm paying for it..

    I'm going to get Avast as soon as this gets cleared up, since AVG is the one finding the trojans.

    Here's the log.

    ComboFix 13-04-05.01 - Michael 04/05/2013  23:02:50.1.2 - x86
    Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.440 [GMT -5:00]
    Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
    AV:  *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Authentium Antivirus *Enabled/Updated* {A4E803B3-4E6E-4271-B1CD-56FBC0992D36}
    AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: EarthLink Anti-virus *Enabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
    FW:  *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    FW: EarthLink Firewall *Disabled* {38254411-9AEC-4967-913E-F892C2A4DF89}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\Michael\Application Data\7F6B8A
    c:\program files\Internet Explorer\SETD8C.tmp
    c:\program files\Internet Explorer\SETD8D.tmp
    c:\program files\Internet Explorer\SETD8E.tmp
    c:\windows\Install.txt
    c:\windows\iun6002.exe
    c:\windows\jestertb.dll
    c:\windows\MailSwitch.ocx
    c:\windows\system\Stdole2.tlb
    c:\windows\system32\Cache
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2bb0bc4ed17a39b2.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\2f2506b983a740f8.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\38cdd1f7660bbdd5.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\50d5bb5a911db35a.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\a7e3ace41c7c3917.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\adcafb4e76b45101.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d0d994f3a1dc9de8.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    c:\windows\system32\SET160.tmp
    c:\windows\system32\SET161.tmp
    c:\windows\system32\SET18F.tmp
    c:\windows\system32\SET1B7.tmp
    c:\windows\system32\SET1B9.tmp
    c:\windows\system32\SET1C8.tmp
    c:\windows\system32\SETD9D.tmp
    c:\windows\system32\SETD9E.tmp
    c:\windows\system32\SETD9F.tmp
    c:\windows\system32\SETDA0.tmp
    c:\windows\system32\SETDA1.tmp
    c:\windows\system32\SETDA2.tmp
    c:\windows\system32\SETDA3.tmp
    c:\windows\system32\SETDA4.tmp
    c:\windows\system32\SETDA5.tmp
    c:\windows\system32\SETDA6.tmp
    c:\windows\system32\SETDA7.tmp
    c:\windows\system32\SETDA8.tmp
    c:\windows\system32\SETDA9.tmp
    c:\windows\system32\SETDAA.tmp
    c:\windows\system32\SETDAB.tmp
    c:\windows\system32\SETDAC.tmp
    c:\windows\system32\SETDAD.tmp
    c:\windows\system32\SETDAE.tmp
    c:\windows\system32\SETDAF.tmp
    c:\windows\system32\SETDB0.tmp
    c:\windows\system32\SETDB1.tmp
    c:\windows\system32\SETDB2.tmp
    c:\windows\system32\SETDB4.tmp
    c:\windows\system32\SETDB5.tmp
    c:\windows\system32\SETDB6.tmp
    c:\windows\system32\SETDB7.tmp
    c:\windows\system32\SETDB8.tmp
    c:\windows\system32\SETDB9.tmp
    c:\windows\system32\SETDBA.tmp
    c:\windows\system32\SETDBB.tmp
    c:\windows\system32\SETDBC.tmp
    c:\windows\system32\SETDBD.tmp
    c:\windows\system32\SETDBE.tmp
    c:\windows\system32\SETDBF.tmp
    c:\windows\system32\SETDC0.tmp
    c:\windows\system32\SETDC1.tmp
    c:\windows\system32\SETDC2.tmp
    c:\windows\system32\SETDC3.tmp
    c:\windows\system32\SETDC4.tmp
    c:\windows\system32\SETDC5.tmp
    c:\windows\system32\SETDC6.tmp
    c:\windows\system32\SETDC7.tmp
    c:\windows\system32\SETDC8.tmp
    c:\windows\system32\SETDC9.tmp
    c:\windows\system32\SETDCA.tmp
    c:\windows\system32\SETDCB.tmp
    c:\windows\system32\SETDCC.tmp
    c:\windows\system32\SETDCD.tmp
    c:\windows\system32\Thumbs.db
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_MSNCACHE
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-03-06 to 2013-04-06  )))))))))))))))))))))))))))))))
    .
    .
    2013-03-29 16:50 . 2013-03-29 17:57   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2013-03-29 16:45 . 2013-03-29 16:45   --------   d-----w-   c:\documents and settings\Michael\Application Data\Windows Desktop Search
    2013-03-29 16:43 . 2013-03-29 16:43   --------   d-----w-   c:\program files\Windows Desktop Search
    2013-03-18 16:34 . 2013-03-18 16:34   --------   d-----w-   c:\program files\7-Zip
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-01 04:37 . 2012-10-18 20:33   33624   ----a-w-   c:\windows\system32\drivers\avgtpx86.sys
    2013-03-17 16:04 . 2012-04-03 02:52   693976   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
    2013-03-17 16:04 . 2011-05-15 23:03   73432   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-01 15:32 . 2012-09-21 08:45   22328   ----a-w-   c:\windows\system32\drivers\avgidsshimx.sys
    2013-02-27 04:40 . 2012-09-13 08:11   208184   ----a-w-   c:\windows\system32\drivers\avgidsdriverx.sys
    2013-02-14 08:52 . 2012-09-21 08:46   182072   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
    2013-02-08 09:37 . 2012-10-05 08:26   96568   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
    2013-02-08 09:37 . 2012-09-21 08:46   245048   ----a-w-   c:\windows\system32\drivers\avglogx.sys
    2013-02-08 09:37 . 2012-09-21 08:45   60216   ----a-w-   c:\windows\system32\drivers\avgidshx.sys
    2013-02-08 09:37 . 2012-10-02 08:30   170808   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
    2013-02-08 09:37 . 2012-09-14 08:05   39224   ----a-w-   c:\windows\system32\drivers\avgrkx86.sys
    2013-02-04 22:17 . 2013-02-04 22:19   8192   ----a-w-   c:\windows\system32\E_DCINST.DLL
    2013-02-04 22:17 . 2013-02-04 22:19   81408   ----a-w-   c:\windows\system32\E_TD4BIUE.DLL
    2013-02-04 22:17 . 2013-02-04 22:19   95232   ----a-w-   c:\windows\system32\E_TLBIUE.DLL
    2013-02-03 14:37 . 2013-02-03 14:36   249856   ------w-   c:\windows\Setup1.exe
    2013-02-03 14:37 . 2013-02-03 14:36   73216   ----a-w-   c:\windows\ST6UNST.EXE
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
    @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
    [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
    2012-09-18 19:51   4756880   ----a-w-   c:\program files\MozyHome\mozyshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
    @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
    [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
    2012-09-18 19:51   4756880   ----a-w-   c:\program files\MozyHome\mozyshell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2005-10-29 25600]
    "cdloader"="c:\documents and settings\Michael\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RCSystem"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
    "EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
    "FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
    "FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
    "LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
    .
    c:\documents and settings\Michael\Start Menu\Programs\Startup\AutorunsDisabled
    Shortcut to TeaTimer.lnk - c:\program files\Spybot - Search & Destroy\TeaTimer.exe [2006-9-24 2260480]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-7-27 25214]
    Adobe Acrobat Speed Launcher.lnk.disabled [2008-12-7 2335]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    Microsoft Office.lnk.disabled [2007-4-15 1725]
    MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-9-18 4533648]
    Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
    2005-12-23 02:08   450646   ----a-w-   c:\windows\system32\PRISMAPI.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-12-14 22:49   824232   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup
    "swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" /R
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Motive SmartBridge"=c:\recycler\S-1-5-21-1703037801-221494611-3155105034-1005\Dc1392\SmartBridge\MotiveSB.exe
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "OM_Monitor"=c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
    "CTHelper"=CTHELPER.EXE
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
    "ehTray"=c:\windows\ehome\ehtray.exe
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
    "SigmatelSysTrayApp"=stsystra.exe
    "UpdReg"=c:\windows\UpdReg.EXE
    "CTxfiHlp"=CTXFIHLP.EXE
    "FaxCenterServer4_in_1"="c:\program files\Lexmark 4200 Series\Fax\fm3032.exe" /s
    "SansaDispatch"=c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe
    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    "Corel Photo Downloader"=c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe
    "VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" /tray
    "15182034"=c:\documents and settings\All Users\Application Data\15182034\15182034.exe
    "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "LifeChat"="c:\program files\Microsoft LifeChat\LifeChat.exe"
    "ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    "Logitech Utility"=Logi_MwX.Exe
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "c:\program files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\Program Files\\Microsoft Games\\MechWarrior Vengeance\\MW4.ICD"=
    "c:\\Program Files\\Outlook Express\\msimn.exe"=
    "c:\\Program Files\\WildTangent\\Apps\\Dell Game Console\\GameConsole.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Final DOOM for Windows 95\\Doom95.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
    "c:\\Program Files\\Play65\\Play65.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
    "c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"=
    "c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\Battlefront.exe"=
    "c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
    "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Doom 3\\Doom3.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\EPSON Software\\Event Manager\\EEventManager.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [9/21/2012 3:45 AM 60216]
    R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 245048]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 39224]
    R0 GRFILTER;CS NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [7/11/2005 9:36 AM 15548]
    R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [9/13/2012 3:11 AM 208184]
    R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 22328]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 170808]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 182072]
    R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [10/18/2012 3:33 PM 33624]
    R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [5/14/2009 6:07 PM 759048]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
    R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [5/10/2012 3:00 PM 539744]
    R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\escsvc.exe [2/4/2013 5:23 PM 122000]
    R2 GRTdiMon;GR TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [7/11/2005 9:38 AM 20480]
    R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [8/31/2004 12:52 AM 95328]
    R2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [3/16/2006 2:46 PM 61526]
    R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [3/31/2013 11:38 PM 990896]
    S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [12/2/2012 11:54 PM 283600]
    S2 gupdate1c993a82f1ae125;Google Update Service (gupdate1c993a82f1ae125);c:\program files\Google\Update\GoogleUpdate.exe [2/20/2009 5:11 PM 133104]
    S3 gsplittm;gsplittm;\??\c:\docume~1\Michael\LOCALS~1\Temp\gsplittm.sys --> c:\docume~1\Michael\LOCALS~1\Temp\gsplittm.sys [?]
    S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/20/2011 1:21 PM 39048]
    S4 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
    S4 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-29 16:28   1642448   ----a-w-   c:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 22:11]
    .
    2013-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 22:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE: Convert link target to Adobe PDF
    IE: Convert link target to existing PDF
    IE: Convert selected links to Adobe PDF
    IE: Convert selected links to existing PDF
    IE: Convert selection to Adobe PDF
    IE: Convert selection to existing PDF
    IE: Convert to Adobe PDF
    IE: Convert to existing PDF
    Trusted Zone: bwproducers.com
    Trusted Zone: cisgroup.com
    Trusted Zone: farmers.com
    Trusted Zone: farmersinsurance.com
    Trusted Zone: farmersleadcenter.com
    Trusted Zone: farmerslife.com
    Trusted Zone: foremostfarmers.com
    Trusted Zone: foremoststar.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: postoffice.net
    Trusted Zone: zurich.com
    TCP: DhcpNameServer = 192.168.1.254
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {BE8EEE38-A7C5-4674-A6C4-C2D7421FDD10} - hxxps://bie.farmersinsurance.com/prweb/PRServletLDAP1/8gYJ4DHQrCXUTefMjim_tw%5B%5B*/prvisiointerface.cab
    FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\p7x50nmm.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-ABBYY Screenshot Reader Bonus - (no file)
    HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
    HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
    HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
    HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
    HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
    ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
    Notify-Schedule - (no file)
    Notify-termsrv - (no file)
    Notify-wlballoon - (no file)
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-AVG Anti-Spyware Guard
    AddRemove-Battlecraft 19422.1 - c:\windows\iun6002.exe
    AddRemove-Battlecraft Vietnam1.2 - c:\windows\iun6002.exe
    AddRemove-BFV Command and Control Server Manager - BFVCC2.14_B Beta - c:\windows\iun6002.exe
    AddRemove-MDT - c:\windows\iun6002.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-04-06 09:39
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ... 
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ... 
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2888)
    c:\windows\system32\WININET.dll
    c:\program files\MozyHome\mozyshell.dll
    c:\progra~1\WINDOW~3\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Common Files\Command Software\dvpapi.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\MozyHome\mozybackup.exe
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\fxssvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\PRISMSVR.EXE
    c:\program files\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
    c:\windows\SYSTEM32\CTXFISPI.EXE
    .
    **************************************************************************
    .
    Completion time: 2013-04-06  09:50:27 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-04-06 14:50
    .
    Pre-Run: 12,207,898,624 bytes free
    Post-Run: 12,679,184,384 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 70DDFAFA501DB7916100B3C48CD6B9B9

    Technoid

    • Guest
    Re: A bunch of Trojans found all of a sudden
    « Reply #14 on: April 06, 2013, 08:58:17 AM »
    Adwcleaner got rid of my AVG toolbar again. Are there any other security toolbars you recommend?