unable to use mozilla firefox
No replies to this topic

#1 yugen (Newbie, Members, 1 posts)

Posted 25 July 2008 - 04:55 PM

Whenever I open the Firefox browser, it automatically gets terminated with an error message asking me to use IE.
Here is my HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 1:11:48 AM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe
D:\RECYCLE\svchost.exe
D:\RECYCLE\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\DOCUME~1\Yugen\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tm.net.my/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - ???????????? - C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Stormser - ???? - C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe

Here is my ComboFix log:

ComboFix 08-07-24.6 - Yugen 2008-07-26 1:00:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.174 [GMT -7:00]
Running from: C:\Documents and Settings\Yugen\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\heap41a
C:\heap41a\2.mp3
C:\heap41a\drivelist.txt
C:\heap41a\Icon.ico
C:\heap41a\offspring\autorun.inf
C:\heap41a\svchost.exe

----- BITS: Possible infected sites -----

http://acs.pandasoftware.com:80
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.

2008-07-25 09:26 . 2008-07-25 09:26 <DIR> dr------- C:\Documents and Settings\Yugen\Application Data\Brother
2008-07-24 02:04 . 2008-07-25 11:32 4,008 --a------ C:\WINDOWS\scad3.INI
2008-07-24 00:42 . 2008-07-24 00:42 <DIR> d-------- C:\Program Files\LTC
2008-07-20 23:37 . 2008-07-20 23:37 34 --a------ C:\WINDOWS\system32\BD2040.DAT
2008-07-16 22:15 . 2008-07-16 22:15 <DIR> d-------- C:\WINDOWS\Sun
2008-07-16 05:53 . 2008-07-16 05:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-13 14:48 . 2008-07-25 11:28 426 --a------ C:\WINDOWS\BRWMARK.INI
2008-07-13 12:34 . 2008-07-13 12:34 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\Media Player Classic
2008-07-13 12:31 . 2008-07-13 12:31 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\Application Data
2008-07-13 12:31 . 2008-07-13 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Storm
2008-07-12 20:17 . 2008-07-20 02:04 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\iWin
2008-07-12 20:17 . 2008-07-12 20:17 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\Eyeblaster
2008-07-12 18:14 . 2008-07-12 18:14 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\PlayFirst
2008-07-12 18:14 . 2008-07-12 18:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-07-12 12:09 . 2008-07-20 13:10 <DIR> d-------- C:\Documents and Settings\Yugen\Application Data\GameHouse
2008-07-12 12:09 . 2008-07-12 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-07-12 12:09 . 2008-07-12 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Gogii
2008-07-12 12:06 . 2008-07-12 20:17 <DIR> d-------- C:\Program Files\GameHouse
2008-07-06 21:37 . 2008-07-06 21:37 19 --a------ C:\WINDOWS\popcinfo.dat
2008-07-05 11:23 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-07-05 11:23 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-06-28 23:50 . 2008-07-24 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 07:47 --------- d-----w C:\Documents and Settings\Yugen\Application Data\LimeWire
2008-07-06 19:24 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-06 19:24 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-06 19:24 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-29 06:53 --------- d-----w C:\Program Files\Google
2008-06-17 08:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 08:58 --------- d-----w C:\Program Files\Garena
2008-06-17 08:56 --------- d-----w C:\Program Files\M² Solutions, Inc
2008-06-17 07:23 --------- d-----w C:\Documents and Settings\Yugen\Application Data\AVGTOOLBAR
2008-06-17 07:00 --------- d-----w C:\Program Files\AVG
2008-06-17 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-06-17 06:50 --------- d-----w C:\Program Files\LEAD Technologies, Inc
2008-06-17 06:11 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-06-17 06:10 --------- d-----w C:\Program Files\Riva
2008-06-17 05:38 --------- d-----w C:\Documents and Settings\Yugen\Application Data\Hamachi
2008-06-10 03:51 83,312 ----a-w C:\WINDOWS\system32\LMMpg2Mx2.dll
2008-06-10 00:21 99,688 ----a-w C:\WINDOWS\system32\LMISODmx.dll
2008-06-09 22:44 419,176 ----a-w C:\WINDOWS\system32\LMMpgDmxT.dll
2008-06-09 22:44 402,792 ----a-w C:\WINDOWS\system32\LMMpgDmxP.dll
2008-06-04 17:26 202,088 ----a-w C:\WINDOWS\system32\LMVRsz2.dll
2008-06-03 16:39 390,504 ----a-w C:\WINDOWS\system32\lcodc26x2.dll
2008-06-03 16:32 464,232 ----a-w C:\WINDOWS\system32\LCODC26D2.dll
2008-06-02 21:36 259,432 ----a-w C:\WINDOWS\system32\LMVRGBxf.dll
2008-06-01 02:26 --------- d-----w C:\Documents and Settings\Yugen\Application Data\Winamp
2008-05-29 21:47 2,332,008 ----a-w C:\WINDOWS\system32\LEncMpg23.dll
2008-05-28 22:17 1,934,696 ----a-w C:\WINDOWS\system32\ltmm15.dll
2008-05-10 23:04 11 ----a-w C:\SelfTests.dat
2007-07-26 14:52 23,649,352 ----a-r C:\Program Files\avg75free_476a1048.exe
2006-10-06 07:37 227,840 ----a-r C:\Program Files\Trojan Guarder Full -ichigo-.exe
.

------- Sigcheck -------

2004-08-04 05:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-04 05:00 359040 6a2d53177c1eac531308708e65782304 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 21:33 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 02:06 1667584]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"%FP%TM Net fts.exe"="C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe" [2004-01-07 14:37 77312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 12:24 1232152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"winlogon"="D:\RECYCLE\svchost.exe" [2007-02-07 23:04 239104]

C:\Documents and Settings\Yugen\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-04-18 12:21:09 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.LEAD"= LCODCCMP2.DLL
"vidc.L263"= lcodc26x2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Ringz Studio\\Storm Codec\\Storm.exe"=
"C:\\Program Files\\Ringz Studio\\Storm Codec\\stormliv.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-06 12:24]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 12:24]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 12:24]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-06 12:24]
R2 ccosm;Contrl Center of Storm Media;C:\Program Files\Ringz Studio\Storm Codec\stormliv.exe [2008-03-10 23:33]
R2 Stormser;Stormser;C:\PROGRA~1\RINGZS~1\STORMC~1\Stormser.exe [2008-06-20 12:35]
R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2004-10-19 02:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26ae7fa3-01ce-11dd-a9df-00112fc52cf2}]
\Shell\AutoRun\command - p3r1ud.exe
\Shell\explore\Command - p3r1ud.exe
\Shell\open\Command - p3r1ud.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d7bb08d-e36d-11dc-a984-00112fc52cf2}]
\Shell\AutoRun\command - tmf3w3g0.com
\Shell\explore\Command - tmf3w3g0.com
\Shell\open\Command - tmf3w3g0.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fe115f6-e0db-11dc-a97c-00112fc52cf2}]
\Shell\AutoRun\command - password_viewer.exe %1
\Shell\Explore\command - password_viewer.exe %1
\Shell\Open\command - password_viewer.exe %1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b12d5648-e65e-11dc-a98c-00112fc52cf2}]
\Shell\AutoRun\command - q83iwmgf.bat
\Shell\explore\Command - q83iwmgf.bat
\Shell\open\Command - q83iwmgf.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1508cc6-e52b-11dc-a987-00112fc52cf2}]
\Shell\AutoRun\command - K:\tmf3w3g0.com
\Shell\explore\Command - K:\tmf3w3g0.com
\Shell\open\Command - K:\tmf3w3g0.com
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.tm.net.my/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 01:03:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-26 1:05:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 08:05:35

Pre-Run: 6,712,545,280 bytes free
Post-Run: 7,255,302,144 bytes free
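
Added example, not part of yugen's post and not a feature of HijackThis or ComboFix: a small Python triage script that applies the three checks a log reader does by eye on the output above. It flags (1) an OS-named binary such as svchost.exe running from outside System32 (the log shows D:\RECYCLE\svchost.exe), (2) any value under the policies\Explorer\Run load point (the log shows a value named "winlogon" there), and (3) MountPoints2 shell handlers that launch a bare executable when a removable drive is opened (p3r1ud.exe, tmf3w3g0.com and friends). The sample lines are copied from the logs above and are a constructed input; the rule names and the SYSTEM_ONLY list are this example's own assumptions, not anything the tools emit.

```python
import re
from typing import Iterable, List, Optional, Tuple

Finding = Tuple[str, str]  # (rule name, offending log line)

# Constructed sample input: lines copied from the HijackThis and ComboFix logs
# in the post, plus benign AVG entries so each rule has negatives as well as hits.
SAMPLE_LINES = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"D:\RECYCLE\svchost.exe",
    r"C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    r'"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 12:24 1232152]',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]",
    r'"winlogon"="D:\RECYCLE\svchost.exe" [2007-02-07 23:04 239104]',
    r"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26ae7fa3-01ce-11dd-a9df-00112fc52cf2}]",
    r"\Shell\AutoRun\command - p3r1ud.exe",
    r"\Shell\open\Command - p3r1ud.exe",
]

# Assumption for this example: core OS binaries that should only ever run from
# System32 on an XP box.  A copy with one of these names anywhere else is suspect.
SYSTEM_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM32 = "c:\\windows\\system32\\"

_REG_KEY = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
_REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)"')
_SHELL_CMD = re.compile(r"^\\Shell\\(?P<verb>\w+)\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)


def check_process_path(path: str) -> Optional[str]:
    """Return a rule name if an OS-named binary runs outside System32, else None."""
    p = path.strip().lower()
    name = p.rsplit("\\", 1)[-1]
    if name in SYSTEM_ONLY and not p.startswith(SYSTEM32):
        return "os-binary name outside System32"
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run the three checks over log lines and return (rule, line) findings."""
    findings: List[Finding] = []
    current_key = ""  # last "[HKEY_...]" header seen, lower-cased
    for raw in lines:
        line = raw.rstrip()

        m = _REG_KEY.match(line)
        if m:
            current_key = m.group("key").lower()
            continue

        m = _REG_VALUE.match(line)
        if m:
            # policies\Explorer\Run is a policy load point that legitimate
            # software almost never uses; anything there deserves a look.
            if "policies\\explorer\\run" in current_key:
                findings.append(("value under policies\\Explorer\\Run", line))
            rule = check_process_path(m.group("image"))
            if rule:
                findings.append((rule, line))
            continue

        m = _SHELL_CMD.match(line)
        if m and "mountpoints2" in current_key:
            # MountPoints2 caches a removable drive's autorun.inf handlers; a bare
            # executable here runs when the drive is opened from My Computer.
            findings.append(("MountPoints2 shell handler -> " + m.group("cmd"), line))
            continue

        # Anything else is treated as a "Running processes" path line.
        rule = check_process_path(line)
        if rule:
            findings.append((rule, line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LINES):
        print(f"[{rule}] {line}")
```

Run against the sample it reports five findings: the rogue svchost.exe process, the "winlogon" value twice (once for its load point, once for its image path) and the two p3r1ud.exe handlers, while the System32 and AVG lines pass. Feed it a whole saved log with `triage(open(path).read().splitlines())`; the rules are deliberately narrow, so a clean result means only that these three patterns are absent, not that the machine is clean.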
