Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Help me please, IE/firefox hijacked
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 04-23-2007, 12:15 AM   #1 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 4
OS: XP


Help me please, IE/firefox hijacked
Hi ,

Please help ! My IE starts popping up suddenly with ads for some antivirus and tries to connect to some site. I use only firefox and sometimes even firefox opens up a new tab and tries to open to some antivirus site or throws some pop up saying my system is not protected. help !!!!!!!!!! I have done a scan using DSS and am pasting the output below, please advise. Thanks in advance.

Main.txt
---------

Deckard's System Scanner v20070411.38
Run by L Fernandez on 2007-04-21 at 23:29:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
16: 2007-04-21 18:00:21 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2007-04-21 09:10:39 UTC - RP15 - System Checkpoint
14: 2007-04-20 09:05:33 UTC - RP14 - System Checkpoint
13: 2007-04-19 08:18:32 UTC - RP13 - Installed Adobe Acrobat 6.0 Professional
12: 2007-04-18 17:41:38 UTC - RP12 - Installed mRouterRunTime


-- First Restore Point --
1: 2007-04-17 07:11:16 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as L Fernandez.exe) -----------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:32:09 PM, on 21/04/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Sony Ericsson\Mobile\SyncIndicator.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\L Fernandez\Desktop\dss.exe
C:\DOCUME~1\LFERNA~1\Desktop\L Fernandez.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\ufglkode.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5AABC22B-4114-4725-8D78-F4C055964BE3} - C:\WINDOWS\system32\geeca.dll
O2 - BHO: (no name) - {9FE7CAAE-652B-48AE-833D-39B3D4AC9513} - C:\WINDOWS\system32\ljjhihf.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\L Fernandez\Application Data\Mozilla\Firefox\Profiles\iks74yzc.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\L Fernandez\Application Data\Mozilla\Firefox\Profiles/iks74yzc.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: geeca - C:\WINDOWS\system32\geeca.dll
O20 - Winlogon Notify: ljjhihf - C:\WINDOWS\SYSTEM32\ljjhihf.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 tmcomm - c:\windows\system32\drivers\tmcomm.sys
R3 ac97intc (Intel(r) 82801 Audio Driver Install Service (WDM)) - c:\windows\system32\drivers\ac97intc.sys
R3 AN983 (ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter) - c:\windows\system32\drivers\an983.sys
R3 cwrwdm (SoundFusion(tm) WDM Driver) - c:\windows\system32\drivers\cwrwdm.sys
R3 FTDIBUS (SEMC DSS SyncStation Serial Converter Driver) - c:\windows\system32\drivers\ftdibus.sys
R3 FTLUND (Lundinova Filter Driver) - c:\windows\system32\drivers\ftlund.sys
R3 FTSER2K (SEMC DSS SyncStation Driver) - c:\windows\system32\drivers\ftser2k.sys
R3 i81x - c:\windows\system32\drivers\i81xnt5.sys

S3 iAimFP0 - c:\windows\system32\drivers\wadv01nt.sys
S3 iAimFP1 - c:\windows\system32\drivers\wadv02nt.sys
S3 iAimFP2 - c:\windows\system32\drivers\wadv05nt.sys
S3 iAimFP3 - c:\windows\system32\drivers\wsiintxx.sys
S3 iAimFP4 - c:\windows\system32\drivers\wvchntxx.sys
S3 iAimFP5 - c:\windows\system32\drivers\wadv07nt.sys
S3 iAimFP6 - c:\windows\system32\drivers\wadv08nt.sys
S3 iAimFP7 - c:\windows\system32\drivers\wadv09nt.sys
S3 iAimTV0 - c:\windows\system32\drivers\watv01nt.sys
S3 iAimTV1 - c:\windows\system32\drivers\watv02nt.sys
S3 iAimTV3 - c:\windows\system32\drivers\watv04nt.sys
S3 iAimTV4 - c:\windows\system32\drivers\wch7xxnt.sys
S3 iAimTV5 - c:\windows\system32\drivers\watv10nt.sys
S3 iAimTV6 - c:\windows\system32\drivers\watv06nt.sys
S3 NtApm (NT Apm/Legacy Interface Driver) - c:\windows\system32\drivers\ntapm.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe


-- Files created between 2007-03-21 and 2007-04-21 -----------------------------

2007-04-21 13:09:31 123972 --a------ C:\WINDOWS\system32\fqplbucf.dll
2007-04-20 18:24:42 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-20 18:21:01 0 d-------- C:\Documents and Settings\L Fernandez\.housecall6.6<HOUSEC~1.6>
2007-04-20 18:15:17 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-04-20 18:15:09 0 d-------- C:\WINDOWS\LastGood
2007-04-20 18:01:05 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-04-20 12:02:37 123972 --a------ C:\WINDOWS\system32\buqsvevb.dll
2007-04-19 18:48:08 48631 -ra------ C:\WINDOWS\system32\ftserui2.dll
2007-04-19 18:48:08 50396 -ra------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-04-19 18:48:08 6828 -ra------ C:\WINDOWS\system32\drivers\ftlund.sys
2007-04-19 18:46:31 414208 -ra------ C:\WINDOWS\system32\ftdiunin.exe
2007-04-19 18:46:30 19153 -ra------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-04-19 15:43:14 0 d-------- C:\WINDOWS\Sun
2007-04-19 15:43:13 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\Sun
2007-04-19 13:57:07 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\AdobeUM
2007-04-19 13:55:12 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\Adobe
2007-04-19 13:50:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-04-19 13:50:12 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-19 12:02:25 123972 --a------ C:\WINDOWS\system32\ygtvwcpi.dll
2007-04-19 12:02:16 49204 --a------ C:\WINDOWS\system32\ufglkode.dll
2007-04-19 12:02:15 501077 ---hs---- C:\WINDOWS\system32\aceeg.bak2<ACEEG~3.BAK>
2007-04-18 23:16:25 0 d-------- C:\WINDOWS\system32\LogFiles
2007-04-18 22:21:47 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\Help
2007-04-18 20:52:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson<SONYER~1>
2007-04-18 20:45:11 0 d-------- C:\Program Files\Intuwave Ltd<INTUWA~1>
2007-04-18 20:43:37 232448 --a------ C:\WINDOWS\system32\HDK3CT32.DLL
2007-04-18 20:43:36 215040 --a------ C:\WINDOWS\system32\HDK3CTNT.DLL
2007-04-18 20:43:23 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2007-04-18 20:43:21 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe
2007-04-18 20:42:07 1230336 --a------ C:\WINDOWS\system32\msxml4.dll
2007-04-18 20:42:02 82432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-04-18 20:42:00 44544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-04-18 20:41:59 0 d-------- C:\Program Files\Sony Ericsson<SONYER~1>
2007-04-18 20:41:48 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-18 20:36:39 0 d-------- C:\Program Files\Common Files\InstallShield<INSTAL~1>
2007-04-18 19:58:02 0 d-------- C:\Documents and Settings\NetworkService\Application DataPDFcreator<APPLIC~2>
2007-04-18 19:14:06 0 d-------- C:\Program Files\Common Files\Nero
2007-04-18 18:53:45 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe<NEROCH~1.EXE>
2007-04-18 18:50:18 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\Ahead
2007-04-18 18:42:05 2969600 -----n--- C:\WINDOWS\UNNeroVision.exe<UNNERO~1.EXE>
2007-04-18 18:42:05 24064 -----n--- C:\WINDOWS\system32\msxml3a.dll
2007-04-18 18:38:15 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll
2007-04-18 18:38:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2007-04-18 18:38:14 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll
2007-04-18 18:38:14 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll
2007-04-18 18:38:14 476320 -----n--- C:\WINDOWS\system32\ImagXpr7.dll
2007-04-18 18:38:13 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll
2007-04-18 18:38:12 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-04-18 18:38:11 38912 -----n--- C:\WINDOWS\system32\picn20.dll
2007-04-18 18:37:40 0 d-------- C:\Program Files\Common Files\Ahead
2007-04-18 18:37:36 0 d-------- C:\Program Files\Ahead
2007-04-18 17:27:28 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-04-18 17:26:41 0 d-------- C:\WINDOWS\system32\softreg
2007-04-18 16:54:08 0 d-------- C:\Program Files\Ares
2007-04-18 16:28:48 0 d-------- C:\Documents and Settings\L Fernandez\Incomplete<INCOMP~1>
2007-04-18 16:22:14 0 d-------- C:\Program Files\Java
2007-04-18 16:12:13 0 d-------- C:\Program Files\Common Files\Java
2007-04-18 15:43:39 0 d-------- C:\Program Files\LimeWire
2007-04-18 15:35:43 0 d-------- C:\Documents and Settings\L Fernandez\.limewire<LIMEWI~1>
2007-04-18 15:01:39 0 d-------- C:\Program Files\Web Publish<WEBPUB~1>
2007-04-18 14:48:22 46352 --a------ C:\WINDOWS\setdebug.exe
2007-04-18 14:48:21 170256 --a------ C:\WINDOWS\system32\jit.dll
2007-04-18 14:48:20 139536 --a------ C:\WINDOWS\system32\javaee.dll
2007-04-18 14:48:20 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-04-18 14:48:19 313856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-04-18 14:47:10 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-04-18 14:47:10 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-04-18 14:47:10 152848 --a------ C:\WINDOWS\system32\wjview.exe
2007-04-18 14:47:09 256272 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-04-18 14:47:09 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-04-18 14:47:08 933136 --a------ C:\WINDOWS\system32\msjava.dll
2007-04-18 14:47:07 153872 --a------ C:\WINDOWS\system32\msawt.dll
2007-04-18 14:47:07 158992 --a------ C:\WINDOWS\system32\jview.exe
2007-04-18 14:47:07 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-04-18 14:47:06 364304 --a------ C:\WINDOWS\system32\javart.dll
2007-04-18 14:47:06 34576 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-04-18 14:47:05 188176 --a------ C:\WINDOWS\system32\javacypt.dll
2007-04-18 14:47:03 49424 --a------ C:\WINDOWS\system32\clspack.exe
2007-04-18 12:38:03 0 d--hs---- C:\Recycled
2007-04-18 12:21:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-04-18 12:02:17 123972 --a------ C:\WINDOWS\system32\hyfqtxim.dll
2007-04-18 12:02:08 48708 --a------ C:\WINDOWS\system32\ufunbvkj.dll
2007-04-18 12:01:57 488357 ---hs---- C:\WINDOWS\system32\aceeg.bak1<ACEEG~2.BAK>
2007-04-18 12:01:05 281172 ---hs---- C:\WINDOWS\system32\geeca.dll
2007-04-18 11:55:53 26694 --a------ C:\WINDOWS\system32\ljjhihf.dll
2007-04-18 11:42:28 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\TextPad
2007-04-18 11:42:18 0 d-------- C:\Program Files\TextPad 4<TEXTPA~1>
2007-04-18 11:07:48 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\SmartFTP
2007-04-18 11:07:25 0 d-------- C:\Program Files\SmartFTP Client<SMARTF~1>
2007-04-17 20:08:46 17920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-04-17 2020 0 d-------- C:\Program Files\Microsoft.NET<MICROS~1.NET>
2007-04-17 2005 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~3>
2007-04-17 20:04:28 0 d-------- C:\WINDOWS\SHELLNEW
2007-04-17 20:00:58 0 dr-h----- C:\MSOCache
2007-04-17 19:55:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-04-17 19:41:05 0 d-------- C:\Program Files\Yahoo!
2007-04-17 19:25:10 1156 --a------ C:\WINDOWS\mozver.dat
2007-04-17 19:24:26 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\Skype
2007-04-17 19:24:19 0 d-------- C:\Program Files\Common Files\Skype
2007-04-17 19:23:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-04-17 19:23:49 0 d-------- C:\Program Files\Skype
2007-04-17 19:12:41 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\Talkback
2007-04-17 19:12:31 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-17 19:11:42 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-17 19:11:42 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-17 19:11:41 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-17 19:11:39 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-17 19:11:39 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-17 19:11:26 348160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-04-17 19:11:26 499712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-04-17 19:11:26 1060864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-17 19:11:26 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-17 19:11:26 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-17 19:11:17 0 d-------- C:\Program Files\Alwil Software<ALWILS~1>
2007-04-17 18:28:30 0 d---s---- C:\Documents and Settings\L Fernandez\UserData
2007-04-17 12:40:43 2097152 --ah----- C:\Documents and Settings\L Fernandez\NTUSER.DAT
2007-04-17 12:39:27 0 d-------- C:\WINDOWS\SoftwareDistribution<SOFTWA~1>
2007-04-17 12:39:27 0 d--hs---- C:\System Volume Information<SYSTEM~1>
2007-04-17 12:39:17 0 d-------- C:\WINDOWS\Prefetch
2007-04-17 12:39:15 786432 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-04-17 12:39:04 786432 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-04-17 12:27:13 0 d-------- C:\WINDOWS\system32\xircom
2007-04-17 12:27:13 0 d-------- C:\Program Files\microsoft frontpage<MICROS~1>
2007-04-17 12:26:12 245760 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-04-17 12:26:01 0 -rahs---- C:\MSDOS.SYS
2007-04-17 12:26:01 0 -rahs---- C:\IO.SYS
2007-04-17 12:26:01 0 --a------ C:\CONFIG.SYS
2007-04-17 12:26:01 0 --a------ C:\AUTOEXEC.BAT
2007-04-17 12:25:28 112128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-17 12:23:17 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-04-17 12:22:50 0 dr------- C:\WINDOWS\Offline Web Pages<OFFLIN~1>
2007-04-17 12:22:50 0 d---s---- C:\WINDOWS\Downloaded Program Files<DOWNLO~1>
2007-04-17 12:21:45 0 d-------- C:\WINDOWS\system32\DirectX
2007-04-17 12:21:12 11264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-17 12:21:00 12288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-17 12:20:58 64512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-17 12:20:53 0 d---s---- C:\WINDOWS\Tasks
2007-04-17 12:20:53 16384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-17 12:20:52 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-17 12:20:48 0 d-------- C:\WINDOWS\srchasst
2007-04-17 12:20:47 0 d-------- C:\WINDOWS\system32\Macromed
2007-04-17 12:20:43 18944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-17 12:20:43 378368 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-17 12:20:43 7168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-17 12:20:43 8192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-17 12:20:38 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-04-17 12:20:32 45568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-17 12:20:32 29696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-17 12:20:32 43520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-17 12:20:32 43520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-17 12:20:28 22528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-04-17 12:20:28 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-17 12:20:28 119680 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-04-17 12:20:27 170496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-17 12:20:27 239104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-17 12:20:27 67584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-17 12:20:27 0 d-------- C:\WINDOWS\system32\Restore
2007-04-17 12:20:27 73472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-17 12:20:25 24576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-17 12:20:25 32768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-17 12:20:25 34560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-17 12:20:25 32768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-17 12:20:25 81920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-17 12:20:24 69632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-17 12:20:21 105984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-17 12:20:21 252928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-17 12:20:20 48128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-17 12:20:20 673792 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-17 12:20:17 190976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-17 12:20:17 12288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-17 12:20:17 297984 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-17 12:20:16 81920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-17 12:20:16 274432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-17 12:20:16 65536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-17 12:20:16 69632 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-17 12:18:42 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat<EMPTYR~1.DAT>
2007-04-17 12:18:09 0 d-------- C:\WINDOWS\Registration<REGIST~1>
2007-04-17 12:17:55 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-04-17 12:17:54 0 d-------- C:\Program Files\Online Services<ONLINE~1>
2007-04-17 12:17:39 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-04-17 12:17:33 5632 --a------ C:\WINDOWS\system32\write.exe
2007-04-17 12:17:33 0 d-------- C:\Program Files\MSN Gaming Zone<MSNGAM~1>
2007-04-17 12:17:17 138752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-17 12:17:16 44544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-17 12:17:16 73216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-17 12:17:16 227840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-17 12:17:16 16384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-17 12:17:15 35328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-17 12:17:05 605696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-17 12:17:04 56832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-17 12:17:04 80384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-17 12:17:04 114688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-17 12:17:03 119808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-17 12:17:03 126976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-17 12:17:02 1161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-17 12:17:02 16896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-17 12:17:02 16384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-17 12:17:02 9728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-17 12:17:02 55296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-17 12:17:02 20232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-17 12:17:02 11144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-17 12:17:01 14848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-17 12:17:01 14848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-17 12:17:01 14848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-17 12:17:01 15872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-17 12:17:01 33792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-17 12:17:01 4096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-17 12:17:01 22016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-17 12:17:00 16896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-17 12:17:00 20992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-17 12:17:00 15360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-17 12:17:00 15872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-17 12:16:59 5120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-17 12:16:58 54272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-17 12:16:58 25088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-17 12:16:58 4096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-17 12:16:58 20480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-17 12:16:58 147456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-17 12:16:58 82432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-17 12:16:58 25600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-17 12:16:36 183808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-17 12:16:35 131584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-17 12:16:35 123392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-17 12:16:35 345088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-17 12:16:35 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-04-17 12:16:34 101376 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-17 12:16:34 115200 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-17 12:16:34 538624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-17 12:16:34 343040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-17 12:16:34 102912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-17 12:16:33 29696 --a------ C:\WINDOWS\system32\wups.dll
2007-04-17 12:16:33 8192 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-17 12:16:33 192512 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-17 12:16:33 979456 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-17 12:16:32 166400 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-17 12:16:32 111616 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-17 12:16:32 457216 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-17 12:16:31 93696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-17 12:16:31 655360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-17 12:16:31 407552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-17 12:16:31 127496 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-17 12:16:30 44544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-17 12:16:30 140800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-17 12:16:30 59904 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-17 12:16:30 67072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-17 12:16:30 13824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-17 12:16:30 147968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-17 12:16:29 294400 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-17 12:16:29 86664 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-17 12:16:29 19968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-17 12:16:29 62464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-17 12:16:29 20480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-17 12:16:29 11264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-17 12:16:28 101376 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-17 12:16:28 227840 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-17 12:16:28 623616 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-17 12:16:28 0 d-------- C:\WINDOWS\system32\MsDtc
2007-04-17 12:16:28 38400 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-17 12:16:27 13312 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-17 12:16:27 1554432 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-17 12:16:27 86016 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-17 12:16:27 6656 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-17 12:16:26 0 d-------- C:\WINDOWS\system32\Com
2007-04-17 12:16:26 84992 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-17 12:16:25 154624 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-17 12:16:25 908288 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-17 12:16:25 114176 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-17 12:16:25 310784 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-17 12:16:24 746496 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-17 12:16:24 1653760 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-17 12:16:24 694272 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-17 12:16:15 56320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-17 12:16:15 17408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-17 12:16:15 67072 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-17 12:16:14 184832 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-17 12:16:11 197120 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-17 12:16:10 40712 --a------ C:\WINDOWS\system32\drivers\termdd.sys


-- Find3M Report ---------------------------------------------------------------

2007-04-17 19:25:50 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\Macromedia<MACROM~1>
2007-04-17 19:12:24 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\Mozilla
2007-04-17 12:41:00 0 d-------- C:\Documents and Settings\L Fernandez\Application Data\Identities<IDENTI~1>


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"="C:\\Documents and Settings\\L Fernandez\\Application Data\\Mozilla\\Firefox\\Profiles\\iks74yzc.default\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath=\"C:\\Documents and Settings\\L Fernandez\\Application Data\\Mozilla\\Firefox\\Profiles/iks74yzc.default\\extensions\\{B13721C7-F507-4982-B2E5-502A71474FED}\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{9FE7CAAE-652B-48AE-833D-39B3D4AC9513}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geeca
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhihf

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_TMCOMM


-- End of Deckard's System Scanner: finished at 2007-04-21 at 23:33:09 ---------







Extra.txt
---------

Deckard's System Scanner v20070411.38
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Pentium III processor
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 254.55 MiB / 100.63 MiB
Pagefile Memory (total/avail): 1008.12 MiB / 748.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1999.31 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 9.02 GiB total, 4.23 GiB free.
D: is Fixed (FAT32) - 9.6 GiB total, 2.81 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\L Fernandez\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ANALYSE
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\L Fernandez
LOGONSERVER=\\ANALYSE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0803
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\LFERNA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\LFERNA~1\LOCALS~1\Temp
USERDOMAIN=ANALYSE
USERNAME=L Fernandez
USERPROFILE=C:\Documents and Settings\L Fernandez
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

L Fernandez (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Ares 2.0.8 --> "C:\Program Files\Ares\uninstall.exe"
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
HijackThis 1.99.1 --> C:\Documents and Settings\L Fernandez\Desktop\HijackThis.exe /uninstall
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
SEMC DSS SyncStation Driver --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Skype 3.1 --> "C:\Program Files\Skype\Phone\unins000.exe"
Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sony Ericsson PC Suite 3.2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC18114B-05A0-11D6-8140-000102E745A6}\Setup.exe" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TextPad 4.7 --> MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG


-- End of Deckard's System Scanner: finished at 2007-04-21 at 23:33:09 ---------
lyfelyke is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 04-23-2007, 08:16 AM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: Help me please, IE/firefox hijacked
Hello lyfelyke and welcome to TSF,

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you at C:\ComboFix.txt. I'll need that in your next reply along with a new HijackThis log.


Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-23-2007, 09:50 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 4
OS: XP


Re: Help me please, IE/firefox hijacked
Thank you so much !! I did the needful as advised by you. Please find below the resultant log file.

ComboFix.txt file
--------------------

"L Fernandez" - 07-04-23 2122 Service Pack 2, v.2096
ComboFix 07-04-22.6V - Running from: "C:\Documents and Settings\L Fernandez\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\hyfqtxim.dll
C:\WINDOWS\system32\ygtvwcpi.dll
C:\WINDOWS\system32\niabvbid.dll
C:\WINDOWS\system32\buqsvevb.dll
C:\WINDOWS\system32\fqplbucf.dll
C:\WINDOWS\system32\ufunbvkj.dll
C:\WINDOWS\system32\voembqtc.dll
C:\WINDOWS\system32\dibvbain.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((( Files Created from 2007-03-23 to 2007-04-23 ))))))))))))))))))))))))))))))))))


2007-04-23 20:10 <DIR> d--hs---- C:\FOUND.000
2007-04-22 04:42 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-04-21 23:29 <DIR> d-------- C:\Deckard
2007-04-20 18:24 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-04-20 18:21 <DIR> d-------- C:\DOCUME~1\LFERNA~1\.housecall6.6
2007-04-20 18:15 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-20 18:01 <DIR> d-------- C:\VundoFix Backups
2007-04-19 18:48 6,828 -ra------ C:\WINDOWS\system32\drivers\ftlund.sys
2007-04-19 18:48 50,396 -ra------ C:\WINDOWS\system32\drivers\ftser2k.sys
2007-04-19 18:48 48,631 -ra------ C:\WINDOWS\system32\ftserui2.dll
2007-04-19 18:46 414,208 -ra------ C:\WINDOWS\system32\ftdiunin.exe
2007-04-19 18:46 19,153 -ra------ C:\WINDOWS\system32\drivers\ftdibus.sys
2007-04-19 13:57 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\AdobeUM
2007-04-19 12:02 502,860 ---hs---- C:\WINDOWS\system32\aceeg.bak2
2007-04-18 23:16 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-18 22:21 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\Help
2007-04-18 20:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
2007-04-18 20:45 <DIR> d-------- C:\Program Files\Intuwave Ltd
2007-04-18 20:43 44,304 --a------ C:\WINDOWS\system32\msrpfs35.dll
2007-04-18 20:43 39,424 --a------ C:\WINDOWS\system32\JETCOMP.exe
2007-04-18 20:43 232,448 --a------ C:\WINDOWS\system32\HDK3CT32.DLL
2007-04-18 20:43 215,040 --a------ C:\WINDOWS\system32\HDK3CTNT.DLL
2007-04-18 20:42 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-04-18 20:42 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-04-18 20:42 1,230,336 --a------ C:\WINDOWS\system32\msxml4.dll
2007-04-18 20:41 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-04-18 20:41 <DIR> d-------- C:\Program Files\Sony Ericsson
2007-04-18 20:36 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-04-18 19:58 <DIR> d-------- C:\DOCUME~1\NETWOR~1\Application DataPDFcreator
2007-04-18 19:14 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-04-18 18:53 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-04-18 18:50 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\Ahead
2007-04-18 18:42 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-04-18 18:42 2,969,600 --------- C:\WINDOWS\UNNeroVision.exe
2007-04-18 18:38 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-04-18 18:38 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-04-18 18:38 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-04-18 18:38 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-04-18 18:38 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-04-18 18:38 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-04-18 18:38 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-04-18 18:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-04-18 18:37 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-04-18 18:37 <DIR> d-------- C:\Program Files\Ahead
2007-04-18 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-04-18 17:26 <DIR> d-------- C:\WINDOWS\system32\softreg
2007-04-18 16:54 <DIR> d-------- C:\Program Files\Ares
2007-04-18 16:28 <DIR> d-------- C:\DOCUME~1\LFERNA~1\Incomplete
2007-04-18 15:43 <DIR> d-------- C:\Program Files\LimeWire
2007-04-18 15:35 <DIR> d-------- C:\DOCUME~1\LFERNA~1\.limewire
2007-04-18 15:01 <DIR> d-------- C:\Program Files\Web Publish
2007-04-18 14:48 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-04-18 14:48 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-04-18 14:48 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-04-18 14:48 170,256 --a------ C:\WINDOWS\system32\jit.dll
2007-04-18 14:48 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-04-18 14:47 933,136 --a------ C:\WINDOWS\system32\msjava.dll
2007-04-18 14:47 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-04-18 14:47 364,304 --a------ C:\WINDOWS\system32\javart.dll
2007-04-18 14:47 34,576 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-04-18 14:47 256,272 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-04-18 14:47 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-04-18 14:47 188,176 --a------ C:\WINDOWS\system32\javacypt.dll
2007-04-18 14:47 158,992 --a------ C:\WINDOWS\system32\jview.exe
2007-04-18 14:47 153,872 --a------ C:\WINDOWS\system32\msawt.dll
2007-04-18 14:47 152,848 --a------ C:\WINDOWS\system32\wjview.exe
2007-04-18 14:47 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-04-18 14:47 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-04-18 14:47 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-04-18 12:38 <DIR> d--hs---- C:\Recycled
2007-04-18 12:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-18 12:01 488,357 ---hs---- C:\WINDOWS\system32\aceeg.bak1
2007-04-18 11:42 <DIR> d-------- C:\Program Files\TextPad 4
2007-04-18 11:42 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\TextPad
2007-04-18 11:07 <DIR> d-------- C:\Program Files\SmartFTP Client
2007-04-18 11:07 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\SmartFTP
2007-04-17 20:08 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-04-17 20:06 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-04-17 20:06 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-04-17 20:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-04-17 20:00 <DIR> dr-h----- C:\MSOCache
2007-04-17 19:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-04-17 19:41 <DIR> d-------- C:\Program Files\Yahoo!
2007-04-17 19:25 1,156 --a------ C:\WINDOWS\mozver.dat
2007-04-17 19:24 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-04-17 19:24 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\Skype
2007-04-17 19:23 <DIR> d-------- C:\Program Files\Skype
2007-04-17 19:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-04-17 19:12 0 --a------ C:\WINDOWS\nsreg.dat
2007-04-17 19:12 <DIR> d-------- C:\DOCUME~1\LFERNA~1\APPLIC~1\Talkback
2007-04-17 19:11 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-17 19:11 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-17 19:11 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-17 19:11 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-17 19:11 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2007-04-17 19:11 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-17 19:11 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2007-04-17 19:11 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-17 19:11 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-17 19:11 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-17 19:11 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-17 18:28 <DIR> d---s---- C:\DOCUME~1\LFERNA~1\UserData
2007-04-17 12:40 2,097,152 --ah----- C:\DOCUME~1\LFERNA~1\NTUSER.DAT
2007-04-17 12:39 786,432 --ah----- C:\DOCUME~1\NETWOR~1\NTUSER.DAT
2007-04-17 12:39 786,432 --ah----- C:\DOCUME~1\LOCALS~1\NTUSER.DAT
2007-04-17 12:39 <DIR> d--hs---- C:\System Volume Information
2007-04-17 12:39 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2007-04-17 12:39 <DIR> d-------- C:\WINDOWS\Prefetch
2007-04-17 12:27 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-04-17 12:27 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-04-17 12:26 245,760 ---h----- C:\DOCUME~1\DEFAUL~1\NTUSER.DAT
2007-04-17 12:26 0 -rahs---- C:\MSDOS.SYS
2007-04-17 12:26 0 -rahs---- C:\IO.SYS
2007-04-17 12:26 0 --a------ C:\CONFIG.SYS
2007-04-17 12:26 0 --a------ C:\AUTOEXEC.BAT
2007-04-17 12:25 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2007-04-17 12:23 <DIR> d--hs---- C:\DOCUME~1\ALLUSE~1\DRM
2007-04-17 12:22 <DIR> dr------- C:\WINDOWS\Offline Web Pages
2007-04-17 12:22 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2007-04-17 12:21 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2007-04-17 12:21 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2007-04-17 12:21 <DIR> d-------- C:\WINDOWS\system32\DirectX
2007-04-17 12:20 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2007-04-17 12:20 81,920 --a------ C:\WINDOWS\system32\ils.dll
2007-04-17 12:20 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2007-04-17 12:20 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2007-04-17 12:20 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2007-04-17 12:20 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2007-04-17 12:20 69,632 --a------ C:\WINDOWS\system32\icwdial.dll
2007-04-17 12:20 673,792 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-17 12:20 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2007-04-17 12:20 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2007-04-17 12:20 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2007-04-17 12:20 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2007-04-17 12:20 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2007-04-17 12:20 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2007-04-17 12:20 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2007-04-17 12:20 378,368 --a------ C:\WINDOWS\system32\qmgr.dll
2007-04-17 12:20 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2007-04-17 12:20 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2007-04-17 12:20 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2007-04-17 12:20 297,984 --a------ C:\WINDOWS\system32\mstask.dll
2007-04-17 12:20 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2007-04-17 12:20 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2007-04-17 12:20 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2007-04-17 12:20 24,576 --a------ C:\WINDOWS\system32\nmmkcert.dll
2007-04-17 12:20 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2007-04-17 12:20 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2007-04-17 12:20 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2007-04-17 12:20 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-04-17 12:20 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2007-04-17 12:20 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2007-04-17 12:20 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2007-04-17 12:20 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2007-04-17 12:20 119,680 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2007-04-17 12:20 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2007-04-17 12:20 <DIR> d---s---- C:\WINDOWS\Tasks
2007-04-17 12:20 <DIR> d-------- C:\WINDOWS\system32\Restore
2007-04-17 12:20 <DIR> d-------- C:\WINDOWS\system32\Macromed
2007-04-17 12:20 <DIR> d-------- C:\WINDOWS\srchasst
2007-04-17 12:20 <DIR> d-------- C:\Program Files\Movie Maker
2007-04-17 12:20 <DIR> d-------- C:\Program Files\Common Files\MSSoap
2007-04-17 12:18 21,640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-04-17 12:18 <DIR> d-------- C:\WINDOWS\Registration
2007-04-17 12:17 9,728 --a------ C:\WINDOWS\system32\reset.exe
2007-04-17 12:17 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2007-04-17 12:17 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2007-04-17 12:17 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2007-04-17 12:17 56,832 --a------ C:\WINDOWS\system32\sol.exe
2007-04-17 12:17 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2007-04-17 12:17 5,632 --a------ C:\WINDOWS\system32\write.exe
2007-04-17 12:17 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2007-04-17 12:17 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2007-04-17 12:17 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2007-04-17 12:17 33,792 --a------ C:\WINDOWS\system32\regini.exe
2007-04-17 12:17 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2007-04-17 12:17 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2007-04-17 12:17 20,992 --a------ C:\WINDOWS\system32\msg.exe
2007-04-17 12:17 20,232 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2007-04-17 12:17 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2007-04-17 12:17 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2007-04-17 12:17 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2007-04-17 12:17 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2007-04-17 12:17 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2007-04-17 12:17 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2007-04-17 12:17 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2007-04-17 12:17 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2007-04-17 12:17 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2007-04-17 12:17 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2007-04-17 12:17 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2007-04-17 12:17 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2007-04-17 12:17 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2007-04-17 12:17 114,688 --a------ C:\WINDOWS\system32\calc.exe
2007-04-17 12:17 11,144 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2007-04-17 12:17 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2007-04-17 12:17 <DIR> d--h----- C:\Program Files\WindowsUpdate
2007-04-17 12:17 <DIR> d-------- C:\Program Files\Online Services
2007-04-17 12:17 <DIR> d-------- C:\Program Files\MSN Gaming Zone
2007-04-17 12:17 <DIR> d-------- C:\Program Files\Messenger
2007-04-17 12:16 979,456 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-04-17 12:16 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2007-04-17 12:16 908,288 --a------ C:\WINDOWS\system32\catsrvut.dll
2007-04-17 12:16 86,664 --a------ C:\WINDOWS\system32\rdpwsx.dll
2007-04-17 12:16 86,016 --a------ C:\WINDOWS\system32\msdtclog.dll
2007-04-17 12:16 84,992 --a------ C:\WINDOWS\system32\colbact.dll
2007-04-17 12:16 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2007-04-17 12:16 8,192 --a------ C:\WINDOWS\system32\wuauserv.dll
2007-04-17 12:16 746,496 --a------ C:\WINDOWS\system32\comuid.dll
2007-04-17 12:16 694,272 --a------ C:\WINDOWS\system32\clbcatq.dll
2007-04-17 12:16 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2007-04-17 12:16 67,072 --a------ C:\WINDOWS\system32\licwmi.dll
2007-04-17 12:16 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2007-04-17 12:16 623,616 --a------ C:\WINDOWS\system32\msdtcprx.dll
2007-04-17 12:16 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2007-04-17 12:16 6,656 --a------ C:\WINDOWS\system32\msdtc.exe
2007-04-17 12:16 59,904 --a------ C:\WINDOWS\system32\remotepg.dll
2007-04-17 12:16 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2007-04-17 12:16 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2007-04-17 12:16 538,624 --a------ C:\WINDOWS\system32\spider.exe
2007-04-17 12:16 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2007-04-17 12:16 457,216 --a------ C:\WINDOWS\system32\wuapi.dll
2007-04-17 12:16 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2007-04-17 12:16 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2007-04-17 12:16 40,712 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2007-04-17 12:16 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2007-04-17 12:16 38,400 --a------ C:\WINDOWS\system32\cfgbkend.dll
2007-04-17 12:16 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2007-04-17 12:16 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2007-04-17 12:16 310,784 --a------ C:\WINDOWS\system32\catsrv.dll
2007-04-17 12:16 294,400 --a------ C:\WINDOWS\system32\termsrv.dll
2007-04-17 12:16 29,696 --a------ C:\WINDOWS\system32\wups.dll
2007-04-17 12:16 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2007-04-17 12:16 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2007-04-17 12:16 227,840 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2007-04-17 12:16 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2007-04-17 12:16 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2007-04-17 12:16 197,120 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2007-04-17 12:16 192,512 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-04-17 12:16 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2007-04-17 12:16 184,832 --a------ C:\WINDOWS\system32\cmprops.dll
2007-04-17 12:16 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2007-04-17 12:16 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2007-04-17 12:16 166,400 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-04-17 12:16 154,624 --a------ C:\WINDOWS\system32\clbcatex.dll
2007-04-17 12:16 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2007-04-17 12:16 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2007-04-17 12:16 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2007-04-17 12:16 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2007-04-17 12:16 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2007-04-17 12:16 13,312 --a------ C:\WINDOWS\system32\xolehlp.dll
2007-04-17 12:16 127,496 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2007-04-17 12:16 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2007-04-17 12:16 115,200 --a------ C:\WINDOWS\system32\wucltui.dll
2007-04-17 12:16 114,176 --a------ C:\WINDOWS\system32\catsrvps.dll
2007-04-17 12:16 111,616 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-04-17 12:16 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2007-04-17 12:16 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2007-04-17 12:16 101,376 --a------ C:\WINDOWS\system32\wuweb.dll
2007-04-17 12:16 101,376 --a------ C:\WINDOWS\system32\mtxoci.dll
2007-04-17 12:16 1,653,760 --a------ C:\WINDOWS\system32\comsvcs.dll
2007-04-17 12:16 1,554,432 --a------ C:\WINDOWS\system32\msdtctm.dll
2007-04-17 12:16 <DIR> d-------- C:\WINDOWS\system32\MsDtc
2007-04-17 12:16 <DIR> d-------- C:\WINDOWS\system32\Com
2007-04-17 12:16 <DIR> d-------- C:\Program Files\Windows NT


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))




(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\voembqtc.dll [x]
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{AE7CD045-E861-484f-8273-0445EE161910} C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-04-23 21:08:24
Windows 5.1.2600 Service Pack 2, v.2096 FAT

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 07-04-23 21:08:30
C:\ComboFix-quarantined-files.txt ... 07-04-23 21:08



ComboFix-quarantined-files.txt
------------------------------

Code:
07-04-18 12:02      123972    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\hyfqtxim.dll.vir
07-04-18 12:02      48708    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ufunbvkj.dll.vir
07-04-19 12:02      123972    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\ygtvwcpi.dll.vir
07-04-20 12:02      123972    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\buqsvevb.dll.vir
07-04-21 13:09      123972    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\fqplbucf.dll.vir
07-04-23 19:00      123972    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\niabvbid.dll.vir
07-04-23 20:25      49204    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\voembqtc.dll.vir
07-04-23 20:28      1537537    --a------    C:\Qoobox\Quarantine\C\WINDOWS\system32\dibvbain.ini.vir


Folder PATH listing
Volume serial number is 704A-A4CD
C:\QOOBOX
\---Quarantine
    +---Registry_backups
    \---C
        \---WINDOWS
            \---system32
                    hyfqtxim.dll.vir
                    ygtvwcpi.dll.vir
                    niabvbid.dll.vir
                    buqsvevb.dll.vir
                    fqplbucf.dll.vir
                    ufunbvkj.dll.vir
                    voembqtc.dll.vir
                    dibvbain.ini.vir


hijackthis.log
-------------

Logfile of HijackThis v1.99.1
Scan saved at 9:10:05 PM, on 23/04/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\L Fernandez\Desktop\L Fernandez.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\voembqtc.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
lyfelyke is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-23-2007, 08:34 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: Help me please, IE/firefox hijacked
Hiya,

It's looking better. Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

From Normal Mode:

Close any open browsers, then open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entry:

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\voembqtc.dll (file missing)

Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files and Folder

C:\ VundoFix Backups
C:\WINDOWS\system32\ aceeg.bak2
C:\WINDOWS\system32\ aceeg.bak1

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-24-2007, 02:41 AM   #5 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 4
OS: XP


Re: Help me please, IE/firefox hijacked
Hi,

I did the needful. Please find the resultant log files below

Panda Results


Incident Status Location

Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NIRCMD.EXE
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\L Fernandez\Desktop\ComboFix.exe[ComboFixT\nircmd.cfexe]
Spyware:Cookie/Apmebf Not disinfected C:\FOUND.000\FILE0001.CHK[.apmebf.com/]
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\hyfqtxim.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ygtvwcpi.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\niabvbid.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\buqsvevb.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fqplbucf.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ufunbvkj.dll.vir
Spyware:Spyware/Virtumonde Not disinfected C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\voembqtc.dll.vir



Hijackthis.log

Logfile of HijackThis v1.99.1
Scan saved at 2:07:30 PM, on 24/04/2007
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Sony Ericsson\Mobile\SyncIndicator.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\L Fernandez\Desktop\L Fernandez.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{CAFC7C07-15CD-49B2-9005-BB83F2BDC543}: NameServer = 125.22.47.125,202.56.250.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

System Behaviour

So far so good. Don't see any pop ups or so. But not sure if it is stable still.

Thank you so much. What do i do next ??
lyfelyke is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-24-2007, 06:05 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: Help me please, IE/firefox hijacked
You're welcome. It should be stable--your logs are clean.

Delete this folder:

C:\QooBox

Pplease continue with these final instructions and helpful links:

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)
  • Now navigate to C:\ie-spyad. Double click to open it.
  • From within the folder, double-click install.bat
  • Select Option #2 - Install the new IE-SPYAD list, by typing 2
  • Then return to the main menu.
  • Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-24-2007, 11:02 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2007
Posts: 4
OS: XP


Thumbs Up Re: Help me please, IE/firefox hijacked
Hi,

Absolutely no issues so far, system is running smoothly. Thank you, thank you, thank you so much.



I have downloaded and installed and did all that you have instructed me to do.

Thanks a ton again.

Regards
L Fernandez
lyfelyke is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 04-26-2007, 03:58 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,596
OS: WinXP and Vista


Re: Help me please, IE/firefox hijacked
You're most welcome. Stay safe out there.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 02:32 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85