
Trojan Horse Virus

  • 13-02-2008 7:34pm #1


    Guys,

    Can ye help?

    Have an XP Prof laptop infected with a trojan virus which AVG cannot fix. Files which AVG is hitting are c:\windows\system32\consolem.dll (also c:\windows\system32\consolem.dll.bak) and C:\windows\system32\framebufr.dll

    Hijackthis log is as follows

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:23:58 PM, on 2/13/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\System32\RegSrvc.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\System32\1XConfig.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {25ED0819-0F85-4034-8D42-6E34A28E830C} - c:\windows\system32\consolem.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {82A5E7DC-F145-4CC6-92ED-E4A9CB604C36} - C:\WINDOWS\System32\framebufr.dll
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202326052.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleaner\registrycleaner2008.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Belkin F5D8053 N Wireless USB Adapter Utility.lnk = C:\Program Files\Belkin\F5D8053\Belkinwcui.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O20 - Winlogon Notify: oyruieze - C:\WINDOWS\SYSTEM32\consolem.dll
    O22 - SharedTaskScheduler: epineurial - {27cb634d-c84e-4c00-9b53-f5523601dbad} - C:\WINDOWS\System32\iinqyl.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

    --
    End of file - 4792 bytes



    WinPFind3u log is as follows:

    WinPFind3 logfile created on: 2/13/2008 5:32:50 PM
    WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\EDDIE\Desktop\WinPFind3u\
    Microsoft Windows XP (Version = 5.1.2600)
    Internet Explorer (Version = 6.0.2600.0000)

    1023.23 Mb Total Physical Memory | 729.94 Mb Available Physical Memory | 71.34% Memory free
    2.40 Gb Paging File | 2.16 Gb Available in Paging File | 89.66% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072;

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 33.47 Gb Free Space | 89.83% Space Free
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded

    Computer Name: FGD-CK36LW0XB6H
    Current User Name: EDDIE
    Logged in as Administrator.
    Current Boot Mode: Normal


    [Processes - Non-Microsoft Only]
    1xconfig.exe -> %System32%\1XConfig.exe -> Intel Corporation [Ver = 7, 1, 4, 7 | Size = 389186 bytes | Modified Date = 8/3/2006 3:14:14 AM | Attr = ]
    aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
    apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 11:08:42 AM | Attr = ]
    apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.4.101.118 | Size = 151552 bytes | Modified Date = 8/20/2003 8:24:04 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 323584 bytes | Modified Date = 7/29/2003 2:11:00 PM | Attr = ]
    ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 323584 bytes | Modified Date = 7/29/2003 2:11:00 PM | Attr = ]
    atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5028 | Size = 335872 bytes | Modified Date = 7/29/2003 1:30:00 PM | Attr = ]
    avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/31/2008 9:49:06 PM | Attr = ]
    avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/31/2008 9:49:06 PM | Attr = ]
    avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/31/2008 9:49:08 PM | Attr = ]
    avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/31/2008 9:49:10 PM | Attr = ]
    belkinwcui.exe -> %ProgramFiles%\Belkin\F5D8053\Belkinwcui.exe -> Belkin [Ver = 1, 0, 0, 35 | Size = 1728512 bytes | Modified Date = 7/2/2007 7:45:04 PM | Attr = ]
    pronomgr.exe -> %ProgramFiles%\Intel\NCS\PROSet\PRONoMgr.exe -> Intel(R) Corporation [Ver = 7.1.4.0 | Size = 135168 bytes | Modified Date = 7/7/2005 6:08:00 AM | Attr = ]
    regsrvc.exe -> %System32%\RegSrvc.exe -> Intel Corporation [Ver = 7, 1, 4, 7 | Size = 122880 bytes | Modified Date = 8/3/2006 3:13:32 AM | Attr = ]
    s24evmon.exe -> %System32%\S24EvMon.exe -> Intel Corporation [Ver = 7, 1, 4, 7 | Size = 426051 bytes | Modified Date = 8/3/2006 3:16:08 AM | Attr = ]
    teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
    winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]
    zcfgsvc.exe -> %System32%\ZCfgSvc.exe -> Intel Corporation [Ver = 7, 1, 4, 7 | Size = 639040 bytes | Modified Date = 8/3/2006 3:19:18 AM | Attr = ]

    [Win32 Services - Non-Microsoft Only]
    (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 1/4/2008 1:27:08 PM | Attr = ]
    (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 323584 bytes | Modified Date = 7/29/2003 2:11:00 PM | Attr = ]
    (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/31/2008 9:49:06 PM | Attr = ]
    (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/31/2008 9:49:10 PM | Attr = ]
    (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/31/2008 9:49:08 PM | Attr = ]
    (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/23/2001 12:00:00 PM | Attr = ]
    (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.1.301.0 | Size = 139264 bytes | Modified Date = 4/29/2003 2:29:54 PM | Attr = ]
    (RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %System32%\RegSrvc.exe -> Intel Corporation [Ver = 7, 1, 4, 7 | Size = 122880 bytes | Modified Date = 8/3/2006 3:13:32 AM | Attr = ]
    (S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %System32%\S24EvMon.exe -> Intel Corporation [Ver = 7, 1, 4, 7 | Size = 426051 bytes | Modified Date = 8/3/2006 3:16:08 AM | Attr = ]

    [Registry - Non-Microsoft Only]
    < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    Apoint -> %ProgramFiles%\Apoint\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 5.4.101.118 | Size = 151552 bytes | Modified Date = 8/20/2003 8:24:04 PM | Attr = ]
    ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 9/4/2001 4:24:00 PM | Attr = ]
    ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5028 | Size = 335872 bytes | Modified Date = 7/29/2003 1:30:00 PM | Attr = ]
    AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 1/31/2008 9:49:06 PM | Attr = ]
    PRONoMgr.exe -> %ProgramFiles%\Intel\NCS\PROSet\PRONoMgr.exe -> Intel(R) Corporation [Ver = 7.1.4.0 | Size = 135168 bytes | Modified Date = 7/7/2005 6:08:00 AM | Attr = ]
    ZCfgSvc.exe -> %System32%\ZCfgSvc.exe -> Intel Corporation [Ver = 7, 1, 4, 7 | Size = 639040 bytes | Modified Date = 8/3/2006 3:19:18 AM | Attr = ]
    < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
    IMAIL -> Installed = 1 ->
    MAPI -> Installed = 1 ->
    MSFS -> Installed = 1 ->
    < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    RegistryCleanFixMFC -> %ProgramFiles%\RegistryCleaner\registrycleaner2008.exe -> File not found
    SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS]
    < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    %AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ]
    %AllUsersStartup%\Belkin F5D8053 N Wireless USB Adapter Utility.lnk -> %ProgramFiles%\Belkin\F5D8053\Belkinwcui.exe -> Belkin [Ver = 1, 0, 0, 35 | Size = 1728512 bytes | Modified Date = 7/2/2007 7:45:04 PM | Attr = ]
    < SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
    {27cb634d-c84e-4c00-9b53-f5523601dbad} [HKLM] -> %System32%\iinqyl.dll [epineurial] -> File not found
    < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
    < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    < Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    AtiExtEvent -> %System32%\ati2evxx.dll -> [Ver = | Size = 86016 bytes | Modified Date = 7/29/2003 2:11:00 PM | Attr = ]
    oyruieze -> %System32%\consolem.dll -> [Ver = | Size = 83968 bytes | Modified Date = 2/11/2008 10:47:28 PM | Attr = ]
    Sebring -> %System32%\LgNotify.dll -> Intel Corporation [Ver = 7, 1, 4, 7 | Size = 188482 bytes | Modified Date = 8/3/2006 3:20:40 AM | Attr = ]
    < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
    < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
    < HOSTS File > (223945 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
    < Internet Explorer Settings > -> ->
    HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
    HKLM: Main\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
    HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
    HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
    HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
    HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
    HKLM: SearchAssistant -> http://www.google.com/ie ->
    HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
    HKCU: Search Bar -> http://www.google.com/ie ->
    HKCU: Search Page -> http://www.google.com ->
    HKCU: Start Page -> http://www.google.ie/ ->
    HKCU: SearchAssistant -> http://www.google.com/ie ->
    HKCU: ProxyEnable -> 0 ->
    < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
    {25ED0819-0F85-4034-8D42-6E34A28E830C} [HKLM] -> %System32%\consolem.dll [] -> [Ver = | Size = 83968 bytes | Modified Date = 2/11/2008 10:47:28 PM | Attr = ]
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
    {82A5E7DC-F145-4CC6-92ED-E4A9CB604C36} [HKLM] -> %System32%\framebufr.dll [Reg Data - Value does not exist] -> [Ver = | Size = 83968 bytes | Modified Date = 8/23/2001 12:00:00 PM | Attr = ]
    {F10587E9-0E47-4CBE-ABCD-7DD20B862223} [HKLM] -> %ProgramFiles%\Helper\1202326052.dll [e404mgr Class] -> File not found
    < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    {8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 843804 bytes | Modified Date = 8/23/2001 12:00:00 PM | Attr = ]
    < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {c95fe080-8f5d-11d2-a20b-00aa003c157a} -> %SystemRoot%\Web\related.htm [ButtonText: @shdoclc.dll,-866] -> [Ver = | Size = 646 bytes | Modified Date = 4/2/2007 8:22:06 PM | Attr = ]
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [MenuText: Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ]
    < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> -> File not found
    < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {18BCF9B4-2BC8-4AAF-83EA-A9721DD94AC8} -> (Belkin F5D8053 N Wireless USB Adapter) ->
    {209591DD-B013-4C20-9368-5297121A5E67} -> (Intel(R) PRO/Wireless LAN 2100 3A Mini PCI Adapter) ->
    {93C6FBC3-48A5-46DA-9F8E-6DAA298923FA} -> (Broadcom 570x Gigabit Integrated Controller) ->
    < Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
    shell -> shell protocol not assigned ->
    < Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
    shell -> shell protocol not assigned ->
    < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
    ipp -> Reg Data - Key not found -> File not found
    msdaipp -> Reg Data - Key not found -> File not found
    vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 843804 bytes | Modified Date = 8/23/2001 12:00:00 PM | Attr = ]
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {00000162-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/0/B/B/0BB06A5C-8611-4840-86B3-54DDDD0344B9/wma9dmo.cab ->
    {33564D57-0000-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB ->


    [Registry - Additional Scans - Non-Microsoft Only]

    [Files/Folders - Created Within 30 days]
    $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 2/1/2008 9:30:09 PM | Attr = RH ]
    adaware -> %SystemDrive%\adaware -> [Folder | Created Date = 1/21/2008 12:38:20 AM | Attr = ]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/31/2008 10:27:31 PM | Attr = HS]
    Intel -> %SystemDrive%\Intel -> [Folder | Created Date = 1/31/2008 10:03:18 PM | Attr = ]
    Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 1/18/2008 12:48:32 AM | Attr = ]
    RegistryCleaner -> %SystemRoot%\RegistryCleaner -> [Folder | Created Date = 1/27/2008 6:54:50 PM | Attr = ]
    unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 3452 bytes | Created Date = 2/6/2008 11:37:09 PM | Attr = ]
    unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 2/6/2008 11:37:09 PM | Attr = ]
    wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 353 bytes | Created Date = 2/7/2008 12:11:57 AM | Attr = ]
    At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 436 bytes | Created Date = 1/20/2008 3:37:39 AM | Attr = ]
    appmgmt -> %System32%\appmgmt -> [Folder | Created Date = 1/27/2008 5:45:43 PM | Attr = ]
    consolem.dll -> %System32%\consolem.dll -> [Ver = | Size = 83968 bytes | Created Date = 1/20/2008 3:37:35 AM | Attr = ]
    consolem.dll.bak -> %System32%\consolem.dll.bak -> [Ver = | Size = 83968 bytes | Created Date = 1/20/2008 3:37:35 AM | Attr = ]
    dvujgyxu.dat -> %System32%\dvujgyxu.dat -> [Ver = | Size = 741632 bytes | Created Date = 1/20/2008 4:17:57 AM | Attr = ]
    framebufr.dll -> %System32%\framebufr.dll -> [Ver = | Size = 83968 bytes | Created Date = 1/20/2008 3:36:50 AM | Attr = ]
    gipdgopq.dat -> %System32%\gipdgopq.dat -> [Ver = | Size = 35072 bytes | Created Date = 1/20/2008 4:17:57 AM | Attr = ]
    kbzzdnkh.dat -> %System32%\kbzzdnkh.dat -> [Ver = | Size = 36608 bytes | Created Date = 1/20/2008 4:17:57 AM | Attr = ]
    libssl32.dll -> %System32%\libssl32.dll -> OpenSSL <www.openssl.org> [Ver = 0.9.7c | Size = 246545 bytes | Created Date = 1/20/2008 4:17:57 AM | Attr = ]
    LogFiles -> %System32%\LogFiles -> [Folder | Created Date = 1/31/2008 10:27:32 PM | Attr = ]
    Microsoft -> %System32%\Microsoft -> [Folder | Created Date = 1/20/2008 3:37:39 AM | Attr = S]
    prkouqfs.dat -> %System32%\prkouqfs.dat -> [Ver = | Size = 42752 bytes | Created Date = 1/20/2008 4:17:57 AM | Attr = ]
    unacev2.dll -> %System32%\unacev2.dll -> [Ver = | Size = 75264 bytes | Created Date = 1/27/2008 6:52:37 PM | Attr = ]
    unrar3.dll -> %System32%\unrar3.dll -> [Ver = | Size = 153088 bytes | Created Date = 1/27/2008 6:52:37 PM | Attr = ]
    vpkowdsw.dat -> %System32%\vpkowdsw.dat -> [Ver = | Size = 120576 bytes | Created Date = 1/20/2008 3:43:33 AM | Attr = ]
    w70n5msg.dll -> %System32%\w70n5msg.dll -> Intel® Corporation [Ver = 1.0.0.0 | Size = 32768 bytes | Created Date = 1/31/2008 10:12:28 PM | Attr = R ]
    zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 1/18/2008 12:49:55 AM | Attr = H ]
    ZoneLabs -> %System32%\ZoneLabs -> [Folder | Created Date = 1/18/2008 12:49:31 AM | Attr = ]
    ztvunace26.dll -> %System32%\ztvunace26.dll -> [Ver = | Size = 77312 bytes | Created Date = 1/27/2008 6:52:37 PM | Attr = ]
    ztvunrar36.dll -> %System32%\ztvunrar36.dll -> [Ver = | Size = 162304 bytes | Created Date = 1/27/2008 6:52:37 PM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 1/31/2008 9:49:16 PM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Created Date = 1/31/2008 9:49:21 PM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Created Date = 1/31/2008 9:49:21 PM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Created Date = 1/31/2008 9:49:22 PM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Created Date = 1/31/2008 9:49:21 PM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Created Date = 1/31/2008 9:49:21 PM | Attr = ]
    muwdfpxo.dat -> %System32%\drivers\muwdfpxo.dat -> [Ver = | Size = 19584 bytes | Created Date = 1/1/1601 | Attr = ]
    hosts.20080127-195217.backup -> %System32%\drivers\etc\hosts.20080127-195217.backup -> [Ver = | Size = 734 bytes | Created Date = 1/27/2008 7:52:17 PM | Attr = ]

    [Files/Folders - Modified Within 30 days]
    $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 2/13/2008 5:33:02 PM | Attr = RH ]
    adaware -> %SystemDrive%\adaware -> [Folder | Modified Date = 1/27/2008 7:23:38 PM | Attr = ]
    Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2/1/2008 9:24:04 PM | Attr = HS]
    Intel -> %SystemDrive%\Intel -> [Folder | Modified Date = 1/31/2008 10:26:52 PM | Attr = ]
    ORM Recycling Ltd -> %SystemDrive%\ORM Recycling Ltd -> [Folder | Modified Date = 1/29/2008 10:51:28 PM | Attr = ]
    Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/7/2008 12:12:30 AM | Attr = R ]
    System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2/11/2008 10:28:10 PM | Attr = HS]
    WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/7/2008 12:11:58 AM | Attr = ]
    zonealarm -> %SystemDrive%\zonealarm -> [Folder | Modified Date = 1/18/2008 12:48:22 AM | Attr = ]
    bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/13/2008 5:23:54 PM | Attr = S]
    Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2/13/2008 5:24:06 PM | Attr = ]
    Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/4/2008 12:22:12 AM | Attr = S]
    Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/19/2008 1:40:34 PM | Attr = ]
    inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2/4/2008 12:22:12 AM | Attr = H ]
    Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/31/2008 10:27:56 PM | Attr = HS]
    Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 1/21/2008 12:14:34 AM | Attr = ]
    Media -> %SystemRoot%\Media -> [Folder | Modified Date = 1/31/2008 10:27:34 PM | Attr = ]
    ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 376 bytes | Modified Date = 1/29/2008 9:04:32 PM | Attr = ]
    Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2/13/2008 5:32:08 PM | Attr = ]
    RegistryCleaner -> %SystemRoot%\RegistryCleaner -> [Folder | Modified Date = 1/27/2008 6:54:52 PM | Attr = ]
    system -> %SystemRoot%\system -> [Folder | Modified Date = 1/31/2008 9:50:56 PM | Attr = ]
    system32 -> %System32% -> [Folder | Modified Date = 2/11/2008 10:47:28 PM | Attr = ]
    Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 1/27/2008 7:32:40 PM | Attr = S]
    Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/13/2008 5:17:04 PM | Attr = ]
    unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 3452 bytes | Modified Date = 2/6/2008 11:37:10 PM | Attr = ]
    unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2/6/2008 11:35:08 PM | Attr = ]
    Web -> %SystemRoot%\Web -> [Folder | Modified Date = 1/27/2008 8:42:22 PM | Attr = R ]
    wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 353 bytes | Modified Date = 2/7/2008 12:40:44 AM | Attr = ]
    At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 436 bytes | Modified Date = 2/10/2008 7:21:50 PM | Attr = ]
    SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2/13/2008 5:24:00 PM | Attr = H ]
    appmgmt -> %System32%\appmgmt -> [Folder | Modified Date = 1/27/2008 5:45:44 PM | Attr = ]
    CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2/4/2008 12:22:10 AM | Attr = ]
    consolem.dll -> %System32%\consolem.dll -> [Ver = | Size = 83968 bytes | Modified Date = 2/11/2008 10:47:28 PM | Attr = ]
    consolem.dll.bak -> %System32%\consolem.dll.bak -> [Ver = | Size = 83968 bytes | Modified Date = 1/31/2008 10:39:36 PM | Attr = ]
    drivers -> %System32%\drivers -> [Folder | Modified Date = 2/4/2008 10:46:58 PM | Attr = ]
    dvujgyxu.dat -> %System32%\dvujgyxu.dat -> [Ver = | Size = 741632 bytes | Modified Date = 1/20/2008 4:17:58 AM | Attr = ]
    gipdgopq.dat -> %System32%\gipdgopq.dat -> [Ver = | Size = 35072 bytes | Modified Date = 1/20/2008 4:17:58 AM | Attr = ]
    kbzzdnkh.dat -> %System32%\kbzzdnkh.dat -> [Ver = | Size = 36608 bytes | Modified Date = 1/22/2008 7:34:40 PM | Attr = ]
    libssl32.dll -> %System32%\libssl32.dll -> OpenSSL <www.openssl.org> [Ver = 0.9.7c | Size = 246545 bytes | Modified Date = 1/20/2008 4:17:58 AM | Attr = ]
    LogFiles -> %System32%\LogFiles -> [Folder | Modified Date = 1/31/2008 10:27:34 PM | Attr = ]
    Microsoft -> %System32%\Microsoft -> [Folder | Modified Date = 1/20/2008 3:37:40 AM | Attr = S]
    prkouqfs.dat -> %System32%\prkouqfs.dat -> [Ver = | Size = 42752 bytes | Modified Date = 2/4/2008 10:46:56 PM | Attr = ]
    Restore -> %System32%\Restore -> [Folder | Modified Date = 2/11/2008 10:28:10 PM | Attr = ]
    vpkowdsw.dat -> %System32%\vpkowdsw.dat -> [Ver = | Size = 120576 bytes | Modified Date = 2/6/2008 11:07:54 PM | Attr = ]
    wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2184 bytes | Modified Date = 2/10/2008 2:43:06 AM | Attr = ]
    zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 1/18/2008 12:49:56 AM | Attr = H ]
    ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 1/21/2008 12:14:34 AM | Attr = ]
    avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/31/2008 9:49:18 PM | Attr = ]
    avg7rsw.sys -> %System32%\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 1/31/2008 9:49:22 PM | Attr = ]
    avg7rsxp.sys -> %System32%\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 1/31/2008 9:49:22 PM | Attr = ]
    avgclean.sys -> %System32%\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 1/31/2008 9:49:24 PM | Attr = ]
    avgmfx86.sys -> %System32%\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 1/31/2008 9:49:22 PM | Attr = ]
    avgtdi.sys -> %System32%\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 1/31/2008 9:49:22 PM | Attr = ]
    etc -> %System32%\drivers\etc -> [Folder | Modified Date = 1/27/2008 7:52:18 PM | Attr = ]
    muwdfpxo.dat -> %System32%\drivers\muwdfpxo.dat -> [Ver = | Size = 19584 bytes | Modified Date = 2/4/2008 10:46:58 PM | Attr = ]

    [File String Scan - Non-Microsoft Only]
    PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 12:00:00 PM | Attr = ]
    winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 12:00:00 PM | Attr = ]
    WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 12:00:00 PM | Attr = ]
    UPX! , FSG! , PEC2 , aspack , -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 1/31/2008 9:49:18 PM | Attr = ]
    abetterinternet.com , web-nex , ad-w-a-r-e.com , -> %System32%\drivers\etc\hosts -> [Ver = | Size = 223945 bytes | Modified Date = 1/27/2008 7:52:18 PM | Attr = R ]

    < End of report >



    Any ideas?
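
As an added example (written for this page, not code from HijackThis, WinPFind3u or anyone in the thread), a small Python triage script that parses the hook lines of the HijackThis log above (O2 BHO, O20 Winlogon Notify, O22 SharedTaskScheduler, O23 Service) together with the "[Files/Folders - Created Within 30 days]" lines of the WinPFind3u log, and flags the patterns a responder would act on: BHOs registered with no name, registrations whose file is already gone, recently created system32 DLLs with no version resource or vendor, and one DLL loaded through more than one hook. The sample lines are a constructed subset copied from the two logs in the post; all function and class names are my own.

```python
"""Triage helper for a HijackThis log plus a WinPFind3u 'created within 30 days' list.
Example code written for this page; it is not part of either tool."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed subset of the HijackThis log in the opening post.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25ED0819-0F85-4034-8D42-6E34A28E830C} - c:\windows\system32\consolem.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {82A5E7DC-F145-4CC6-92ED-E4A9CB604C36} - C:\WINDOWS\System32\framebufr.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B862223} - C:\Program Files\Helper\1202326052.dll (file missing)
O20 - Winlogon Notify: oyruieze - C:\WINDOWS\SYSTEM32\consolem.dll
O22 - SharedTaskScheduler: epineurial - {27cb634d-c84e-4c00-9b53-f5523601dbad} - C:\WINDOWS\System32\iinqyl.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# Constructed subset of the WinPFind3u "[Files/Folders - Created Within 30 days]" section.
WINPFIND_SAMPLE = r"""
consolem.dll -> %System32%\consolem.dll -> [Ver = | Size = 83968 bytes | Created Date = 1/20/2008 3:37:35 AM | Attr = ]
framebufr.dll -> %System32%\framebufr.dll -> [Ver = | Size = 83968 bytes | Created Date = 1/20/2008 3:36:50 AM | Attr = ]
libssl32.dll -> %System32%\libssl32.dll -> OpenSSL <www.openssl.org> [Ver = 0.9.7c | Size = 246545 bytes | Created Date = 1/20/2008 4:17:57 AM | Attr = ]
avg7core.sys -> %System32%\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Created Date = 1/31/2008 9:49:16 PM | Attr = ]
"""

HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# The file is the last drive-letter path on the line; HijackThis appends " (file missing)"
# when it is gone. Paths can contain " - " themselves (the Spybot one above), so anchor
# on the path rather than splitting the whole line on dashes.
HJT_PATH = re.compile(r"(?i)(?P<path>[a-z]:\\.*?)(?P<missing> \(file missing\))?$")
WPF_LINE = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) -> (?P<vendor>.*?)\[(?P<fields>.+)\]$")


@dataclass
class Hook:
    section: str   # O2, O20, O22, O23, ...
    kind: str      # BHO, Winlogon Notify, SharedTaskScheduler, Service
    name: str      # "(no name)" is itself a signal for a BHO
    path: str
    missing: bool


def parse_hjt(text):
    hooks = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        pm = HJT_PATH.search(m.group("body")) if m else None
        if not pm:
            continue
        head = m.group("body")[: pm.start()].rstrip(" -")
        kind, _, rest = head.partition(": ")
        hooks.append(Hook(m.group("section"), kind, rest.split(" - ")[0].strip(),
                          pm.group("path"), pm.group("missing") is not None))
    return hooks


def parse_winpfind(text):
    """Basename -> {path, vendor, version, created}. An empty vendor and version is
    exactly what the consolem.dll and framebufr.dll entries look like."""
    files = {}
    for line in text.splitlines():
        m = WPF_LINE.match(line.strip())
        if not m:
            continue
        fields = {}
        for f in m.group("fields").split("|"):
            k, _, v = f.partition("=")
            fields[k.strip()] = v.strip()
        files[m.group("name").lower()] = {
            "path": m.group("path"),
            "vendor": m.group("vendor").strip(),
            "version": fields.get("Ver", ""),
            "created": fields.get("Created Date", ""),
        }
    return files


def triage(hooks, recent_files):
    """Basename -> list of reasons it needs a look; files with no reasons are omitted."""
    by_file = defaultdict(list)
    reasons = defaultdict(list)
    for h in hooks:
        base = h.path.rsplit("\\", 1)[-1].lower()
        by_file[base].append(h)
        if h.missing:
            reasons[base].append(f"{h.section} {h.kind} '{h.name}' points at a file that is gone (orphaned registration to clean up)")
        if h.kind == "BHO" and h.name == "(no name)":
            reasons[base].append(f"{h.section} BHO registered without a name")
    for base, hs in by_file.items():
        info = recent_files.get(base)
        if info and not info["version"] and not info["vendor"]:
            reasons[base].append(f"created {info['created']} with no version resource and no vendor")
        sections = sorted({h.section for h in hs})
        if len(sections) > 1:
            reasons[base].append(f"one DLL loaded through {len(sections)} hooks: {', '.join(sections)}")
    return dict(reasons)


if __name__ == "__main__":
    report = triage(parse_hjt(HJT_SAMPLE), parse_winpfind(WINPFIND_SAMPLE))
    for base, why in sorted(report.items()):
        print(base)
        for r in why:
            print("  -", r)
```

On the sample above the report singles out consolem.dll (unnamed BHO, no version info, loaded by both O2 and O20) and framebufr.dll, plus the two orphaned registrations; the same orphan check is what shows leftover registry entries once the files themselves have been deleted.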


Comments

  • Sherifu


    Is AVG giving the name of the trojan?


  • DannyMac


    Hi,

    Yes, AVG is recognising the virus as Trojan Horse Clicker.LGW and Trojan Horse Downloader.Delf.AST.

    Google has no hits on the first one, but on the second one, I did as some suggested and ran a system file check, which ran successfully but failed to remove the virus.

    This is XP Professional, so System Restore wasn't enabled.

    Thanks


  • DannyMac


    Got it fixed!

    Booted off the XP CD, went to the Recovery Console, and deleted the 3 files:

    consolem.dll.bak
    consolem.dll
    framebufr.dll

    It worked!

