Trojan horse Generic 12.AVVJ

Dell / INSPIRON 530S
February 15, 2009 at 21:49:31
Specs: Windows Vista Home Premium Build 6001, SP 1, idk
In AVG, I got a warning about Trojan horse Generic 12.AVVJ; I added it to the vault. But I want to make sure it's all gone. Here's my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:05 Evening, on 2/15/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\vVX3000.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Jeremy\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Dwm.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Explorer.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\localhostr uploadr\lhu.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft LifeCam\LifeTray.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jeremy\Downloads\HiJackThis.exe
C:\Users\Jeremy\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{C9004FF9-F3FF-452A-B1E0-AFCE242B2235}
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\Jeremy\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [StartBind] "C:\ProgramData\acidownsowns.kw4b0"
O4 - HKCU\..\Run: [Ford mpeg road draw] "C:\ProgramData\support dog bend.ondep"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

--
End of file - 10132 bytes
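As an added example (not from the poster, and not HijackThis's own code), here is a small Python triage helper for the log format above: it parses the O4 Run entries and flags autorun targets whose extension is not a normal executable type and which live under a user-writable data directory, plus any entry the log itself marks "(no file)" or "(file missing)". The sample log is a constructed excerpt of the posted entries, and the heuristics are this example's own assumptions meant to pick out lines for a human to review, not to declare anything malicious.

```python
import ntpath
import re

# Constructed excerpt in HijackThis v2 log format, echoing entries from the
# posted log above; not the full log and not HijackThis's own code.
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jeremy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [StartBind] "C:\ProgramData\acidownsowns.kw4b0"
O4 - HKCU\..\Run: [Ford mpeg road draw] "C:\ProgramData\support dog bend.ondep"
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll (file missing)
"""

# O4 line shape: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".lnk"}   # expected autorun types
DATA_DIRS = ("\\programdata\\", "\\appdata\\")               # writable by normal users

def target_path(cmd: str) -> str:
    """Return the program path from a Run command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        close = cmd.find('"', 1)
        return cmd[1:close] if close > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def review_log(text: str) -> list[tuple[str, str, str]]:
    """Walk a HijackThis log; return (reason, entry name, detail) triples.
    The heuristics are this example's assumptions: a flagged entry needs
    a human look, it is not thereby proven malicious."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("(no file)") or line.endswith("(file missing)"):
            # Registry still points at a module that is gone: orphaned entry.
            findings.append(("orphaned entry", line.split(" - ")[1], line))
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        path = target_path(m.group("cmd"))
        low = path.lower()
        # Autorun aimed at a non-executable extension inside a user-writable
        # data directory is unusual for legitimate software.
        if ntpath.splitext(low)[1] not in EXEC_EXT and any(d in low for d in DATA_DIRS):
            findings.append(("unusual autorun target", m.group("name"), path))
    return findings
```

Running `review_log(SAMPLE_LOG)` returns the two "(no file)"/"(file missing)" lines and the two ProgramData entries, while the AppData-based Google Update entry passes because it is a normal .exe.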


#1
February 16, 2009 at 06:46:36
Ok, thanks Hertinas. Whenever I opened up Firefox, occasionally I would get an ad from Internet Explorer. And whenever I open up Internet Explorer I'd get an ad (mostly like diet.com or something).

Ok... I need to buy SpyHunter to get it to remove things from my computer, so that won't work... Do you mind telling me which files in my log to delete (in safe mode, I think)?

