Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AVG identified GENERIC trojan but couldn't locate it

Started by peta.grrl , Nov 06 2011 09:27 AM

  • Please log in to reply

#1
peta.grrl
Posted 06 November 2011 - 09:27 AM

peta.grrl

    Member

  • Member
  • PipPip
  • 23 posts
About a week ago I ran AVG and 2 GENERIC Trojans were found. One was removed but the other could not be located to be removed. I figure now that I have a moment I should get some help in removing it. I haven't received any error codes yet or encountered any troubles but I'd like to be sure nothing sinister is going on in the background. I need your help to locate and remove this Trojan.

Here is the OTL log:

OTL logfile created on: 11/6/2011 7:08:07 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.12 Mb Total Physical Memory | 316.46 Mb Available Physical Memory | 31.21% Memory free
1.99 Gb Paging File | 0.96 Gb Available in Paging File | 48.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 44.87 Gb Total Space | 12.02 Gb Free Space | 26.78% Space Free | Partition Type: NTFS
Drive D: | 45.35 Gb Total Space | 43.74 Gb Free Space | 96.44% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/06 07:07:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL(1).com
PRC - [2011/10/26 13:52:10 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/10/26 13:52:08 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/10/18 05:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/10/06 20:42:09 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/10/06 20:41:59 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/10/01 07:20:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 18:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/26 13:52:08 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/10/14 07:48:53 | 008,522,400 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/01 07:20:47 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/26 13:52:10 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/06 20:42:09 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/10/06 20:41:59 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/08/18 13:18:02 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/06 20:42:01 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/10/04 05:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 00:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2008/07/22 06:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/03/07 01:08:46 | 002,595,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/08/04 02:39:10 | 000,008,192 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 8C 2B ED 03 5E CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..keyword.URL: "http://isearch.avg.c...2:16&sap=ku&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/04 08:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 07:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/15 18:11:33 | 000,000,000 | ---D | M]

[2011/08/22 20:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/10/26 13:52:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x973hrlk.default\extensions
[2011/10/26 13:52:37 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\x973hrlk.default\extensions\avg@toolbar
[2011/10/25 21:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/18 16:18:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/08/19 10:17:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/08/25 12:32:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2011/10/25 21:20:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/04 08:58:53 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/10/01 07:20:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/01 07:20:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2009/06/10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.34\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [cdloader] C:\Users\Owner\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.154.133.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ED6274F-9492-457F-BEB6-A6FAB4EF3031}: DhcpNameServer = 192.168.1.254 75.154.133.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE79AAFD-378B-4606-B179-B0CAD50E947D}: DhcpNameServer = 192.168.1.254 75.154.133.68
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 08:56:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/04 06:59:06 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011/11/03 19:30:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Compare Dinair Airbrush Makeup Kits_files
[2011/10/27 00:51:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Mexico Surgery
[2011/10/26 17:40:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Virago
[2011/10/26 17:39:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Beauty
[2011/10/26 13:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/10/26 13:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/10/26 13:52:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/10/26 13:50:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG2012
[2011/10/26 13:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/25 21:35:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Gems
[2011/10/25 14:24:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\g type foods_files
[2011/10/25 14:20:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\body type test results_files
[2011/10/25 14:20:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\thyroid_body_type_results.php_files
[2011/10/14 21:56:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\DH Gate Wedding Dresses_files

========== Files - Modified Within 30 Days ==========

[2011/11/06 06:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/05 17:14:50 | 108,876,448 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/05 14:56:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/04 15:14:41 | 000,021,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 15:14:41 | 000,021,024 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 15:06:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/04 15:06:06 | 797,532,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/04 11:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/11/04 08:58:58 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/03 19:31:07 | 000,023,089 | ---- | M] () -- C:\Users\Owner\Desktop\Compare Dinair Airbrush Makeup Kits.htm
[2011/11/01 17:21:57 | 000,130,237 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/10/30 18:16:22 | 000,000,991 | ---- | M] () -- C:\Users\Owner\Desktop\magicJack.lnk
[2011/10/27 00:58:58 | 000,024,604 | ---- | M] () -- C:\Users\Owner\Documents\cc_20111027_015754.reg
[2011/10/27 00:56:53 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/25 14:24:37 | 000,123,647 | ---- | M] () -- C:\Users\Owner\Documents\g type foods.html
[2011/10/25 14:21:00 | 000,030,987 | ---- | M] () -- C:\Users\Owner\Documents\body type test results.htm
[2011/10/25 14:20:21 | 000,048,254 | ---- | M] () -- C:\Users\Owner\Documents\thyroid_body_type_results.php.htm
[2011/10/14 02:32:11 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/14 02:03:03 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/14 02:03:03 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/11/03 19:30:56 | 000,023,089 | ---- | C] () -- C:\Users\Owner\Desktop\Compare Dinair Airbrush Makeup Kits.htm
[2011/10/27 00:58:03 | 000,024,604 | ---- | C] () -- C:\Users\Owner\Documents\cc_20111027_015754.reg
[2011/10/27 00:56:53 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/26 13:52:41 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/10/25 14:24:31 | 000,123,647 | ---- | C] () -- C:\Users\Owner\Documents\g type foods.html
[2011/10/25 14:20:58 | 000,030,987 | ---- | C] () -- C:\Users\Owner\Documents\body type test results.htm
[2011/10/25 14:20:04 | 000,048,254 | ---- | C] () -- C:\Users\Owner\Documents\thyroid_body_type_results.php.htm
[2011/08/24 19:02:07 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2011/08/22 20:04:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/08/18 14:30:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/08/18 14:28:36 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 000,409,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,627,082 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,107,366 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/01/13 09:46:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v4764.dll
[2006/08/04 02:39:20 | 000,386,560 | ---- | C] () -- C:\Windows\System32\drivers\XAudio.exe
[2006/08/04 02:39:10 | 000,008,192 | ---- | C] () -- C:\Windows\System32\drivers\XAudio.sys
[2006/06/18 23:26:58 | 000,012,672 | ---- | C] () -- C:\Windows\System32\drivers\mdmxsdk.sys
[2006/06/18 23:26:50 | 000,094,208 | ---- | C] () -- C:\Windows\System32\mdmxsdk.dll

========== LOP Check ==========

[2011/08/26 23:29:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Alawar Stargaze
[2011/10/26 13:50:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2012
[2011/09/11 17:11:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Boolat Games
[2011/09/11 17:16:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Floodlight Games
[2011/10/30 18:16:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\mjusbsp
[2011/08/19 13:03:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2011/08/19 12:52:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/08/25 09:53:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Watchtower
[2011/11/04 11:32:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2009/07/13 20:53:46 | 000,011,894 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F89F2593
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:D999FFD5
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0ACF1AF5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:72A1B66A

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP