yugen

unable to use mozilla firefox


Whenever I open the Firefox browser, the browser automatically gets terminated with an error message asking me to use IE.

Here is my HijackThis log file:

 

Logfile of HijackThis v1.99.1

Scan saved at 1:11:48 AM, on 7/26/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe

D:\RECYCLE\svchost.exe

D:\RECYCLE\svchost.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\AVG\AVG8\avgrsx.exe

C:\Program Files\AVG\AVG8\avgrsx.exe

C:\DOCUME~1\Yugen\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tm.net.my/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Contrl Center of Storm Media (ccosm) - ???????????? - C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

 

 

 

Here is my ComboFix log:

 

 

ComboFix 08-07-24.6 - Yugen 2008-07-26 1:00:56.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.174 [GMT -7:00]

Running from: C:\Documents and Settings\Yugen\Desktop\ComboFix.exe

* Created a new restore point

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

C:\heap41a

C:\heap41a\2.mp3

C:\heap41a\drivelist.txt

C:\heap41a\Icon.ico

C:\heap41a\offspring\autorun.inf

C:\heap41a\svchost.exe

 

----- BITS: Possible infected sites -----

 

http://acs.pandasoftware.com:80

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

 

 

((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))

.

 

2008-07-25 09:26 . 2008-07-25 09:26 <DIR> dr------- C:\Documents and Settings\Yugen\Application Data\Brother

2008-07-24 02:04 . 2008-07-25 11:32 4,008 --a------ C:\WINDOWS\scad3.INI

2008-07-24 00:42 . 2008-07-24 00:42 <DIR> d-------- C:\Program Files\LTC

2008-07-20 23:37 . 2008-07-20 23:37 34 --a------ C:\WINDOWS\system32\BD2040.DAT

2008-07-16 22:15 . 2008-07-16 22:15 <DIR> d-------- C:\WINDOWS\Sun

2008-07-16 05:53 . 2008-07-16 05:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip

2008-07-13 14:48 . 2008-07-25 11:28 426 --a------ C:\WINDOWS\BRWMARK.INI

2008-07-13 12:34 . 2008-07-13 12:34 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\Media Player Classic

2008-07-13 12:31 . 2008-07-13 12:31 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\Application Data

2008-07-13 12:31 . 2008-07-13 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Storm

2008-07-12 20:17 . 2008-07-20 02:04 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\iWin

2008-07-12 20:17 . 2008-07-12 20:17 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\Eyeblaster

2008-07-12 18:14 . 2008-07-12 18:14 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\PlayFirst

2008-07-12 18:14 . 2008-07-12 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst

2008-07-12 12:09 . 2008-07-20 13:10 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\GameHouse

2008-07-12 12:09 . 2008-07-12 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9

2008-07-12 12:09 . 2008-07-12 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii

2008-07-12 12:06 . 2008-07-12 20:17 <DIR> d-------- C:\Program Files\GameHouse

2008-07-06 21:37 . 2008-07-06 21:37 19 --a------ C:\WINDOWS\popcinfo.dat

2008-07-05 11:23 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-07-05 11:23 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-06-28 23:50 . 2008-07-24 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-26 07:47 --------- d-----w C:\Documents and Settings\Yugen\Application Data\LimeWire

2008-07-06 19:24 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys

2008-07-06 19:24 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys

2008-07-06 19:24 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll

2008-06-29 06:53 --------- d-----w C:\Program Files\Google

2008-06-17 08:58 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-06-17 08:58 --------- d-----w C:\Program Files\Garena

2008-06-17 08:56 --------- d-----w C:\Program Files\M² Solutions, Inc

2008-06-17 07:23 --------- d-----w C:\Documents and Settings\Yugen\Application Data\AVGTOOLBAR

2008-06-17 07:00 --------- d-----w C:\Program Files\AVG

2008-06-17 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8

2008-06-17 06:50 --------- d-----w C:\Program Files\LEAD Technologies, Inc

2008-06-17 06:11 --------- d-----w C:\Program Files\Common Files\SWF Studio

2008-06-17 06:10 --------- d-----w C:\Program Files\Riva

2008-06-17 05:38 --------- d-----w C:\Documents and Settings\Yugen\Application Data\Hamachi

2008-06-10 03:51 83,312 ----a-w C:\WINDOWS\system32\LMMpg2Mx2.dll

2008-06-10 00:21 99,688 ----a-w C:\WINDOWS\system32\LMISODmx.dll

2008-06-09 22:44 419,176 ----a-w C:\WINDOWS\system32\LMMpgDmxT.dll

2008-06-09 22:44 402,792 ----a-w C:\WINDOWS\system32\LMMpgDmxP.dll

2008-06-04 17:26 202,088 ----a-w C:\WINDOWS\system32\LMVRsz2.dll

2008-06-03 16:39 390,504 ----a-w C:\WINDOWS\system32\lcodc26x2.dll

2008-06-03 16:32 464,232 ----a-w C:\WINDOWS\system32\LCODC26D2.dll

2008-06-02 21:36 259,432 ----a-w C:\WINDOWS\system32\LMVRGBxf.dll

2008-06-01 02:26 --------- d-----w C:\Documents and Settings\Yugen\Application Data\Winamp

2008-05-29 21:47 2,332,008 ----a-w C:\WINDOWS\system32\LEncMpg23.dll

2008-05-28 22:17 1,934,696 ----a-w C:\WINDOWS\system32\ltmm15.dll

2008-05-10 23:04 11 ----a-w C:\SelfTests.dat

2007-07-26 14:52 23,649,352 ----a-r C:\Program Files\avg75free_476a1048.exe

2006-10-06 07:37 227,840 ----a-r C:\Program Files\Trojan Guarder Full -ichigo-.exe

.

 

------- Sigcheck -------

 

2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys

2004-08-04 05:00 359040 6a2d53177c1eac531308708e65782304 C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 21:33 68856]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06 1667584]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"%FP%TM Net fts.exe"="C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe" [2004-01-07 14:37 77312]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 12:24 1232152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]

"winlogon"="D:\RECYCLE\svchost.exe" [2007-02-07 23:04 239104]

 

C:\Documents and Settings\Yugen\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 12:21:09 147456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.LEAD"= LCODCCMP2.DLL

"vidc.L263"= lcodc26x2.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"C:\\Program Files\\Ringz Studio\\Storm Codec\\Storm.exe"=

"C:\\Program Files\\Ringz Studio\\Storm Codec\\stormliv.exe"=

 

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-06 12:24]

R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 12:24]

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 12:24]

R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-06 12:24]

R2 ccosm;Contrl Center of Storm Media;C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe [2008-03-10 23:33]

R2 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [2008-06-20 12:35]

R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2004-10-19 02:18]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26ae7fa3-01ce-11dd-a9df-00112fc52cf2}]

\Shell\AutoRun\command - p3r1ud.exe

\Shell\explore\Command - p3r1ud.exe

\Shell\open\Command - p3r1ud.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d7bb08d-e36d-11dc-a984-00112fc52cf2}]

\Shell\AutoRun\command - tmf3w3g0.com

\Shell\explore\Command - tmf3w3g0.com

\Shell\open\Command - tmf3w3g0.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fe115f6-e0db-11dc-a97c-00112fc52cf2}]

\Shell\AutoRun\command - password_viewer.exe %1

\Shell\Explore\command - password_viewer.exe %1

\Shell\Open\command - password_viewer.exe %1

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b12d5648-e65e-11dc-a98c-00112fc52cf2}]

\Shell\AutoRun\command - q83iwmgf.bat

\Shell\explore\Command - q83iwmgf.bat

\Shell\open\Command - q83iwmgf.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1508cc6-e52b-11dc-a987-00112fc52cf2}]

\Shell\AutoRun\command - K:\tmf3w3g0.com

\Shell\explore\Command - K:\tmf3w3g0.com

\Shell\open\Command - K:\tmf3w3g0.com

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.tm.net.my/

R0 -: HKCU-Main,Search Page = hxxp://www.google.com

R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie

R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie

R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie

R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s

R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

 

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-26 01:03:37

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\AVG\AVG8\avgrsx.exe

C:\Program Files\AVG\AVG8\avgrsx.exe

.

**************************************************************************

.

Completion time: 2008-07-26 1:05:41 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-26 08:05:35

 

Pre-Run: 6,712,545,280 bytes free

Post-Run: 7,255,302,144 bytes free

 
