Download Adware Away
Adware Away homepage
Prevent your computer from being infected by spyware!
Sponsor's Link
Advertise on this site
Welcome to Adware Away support forum
 
General User
Level: 1
Joined: 3/12/2007 11:07:26 AM
Every time I open IE, it redirects me to http://secureiepage.com, and it gives me a trojan infection alert stating my computer is infected by the "W32.Myzor.FK@yf" trojan?? My Adware Away log file is attached below; any advice will be appreciated.

*************************************************************
* Adware Away 3.0.4
* Global Scan Log File For Windows XP
* Log created time : 2007-3-12 11:9:36
* For more information,please visit:
* WebSite: http://www.AdwareAway.net
* OR
* Support: Support@AdwareAway.net
*
* {9312f1c6-acfb-4337-892d-a3b80e1f4127}
* 2007-01-22 2007-01-22
*************************************************************
====================All Running Processes====================
Running Process : N/A (security restriction)
Running Process : N/A (security restriction)
Running Process : \SystemRoot\System32\smss.exe
Running Process : \??\C:\WINDOWS\system32\csrss.exe
Running Process : \??\C:\WINDOWS\system32\winlogon.exe
Running Process : C:\WINDOWS\system32\services.exe
Running Process : C:\WINDOWS\system32\lsass.exe
Running Process : C:\WINDOWS\system32\svchost.exe
Running Process : C:\WINDOWS\system32\svchost.exe
Running Process : C:\WINDOWS\System32\svchost.exe
Running Process : C:\Program Files\Radialpoint\Freedom\fws.exe
Running Process : C:\WINDOWS\System32\svchost.exe
Running Process : C:\WINDOWS\System32\svchost.exe
Running Process : C:\WINDOWS\Explorer.EXE
Running Process : C:\WINDOWS\system32\LEXBCES.EXE
Running Process : C:\WINDOWS\system32\spoolsv.exe
Running Process : C:\WINDOWS\system32\LEXPPS.EXE
Running Process : C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
Running Process : C:\Program Files\Video Access ActiveX Object\isamntr.exe
Running Process : C:\WINDOWS\BCMSMMSG.exe
Running Process : C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
Running Process : C:\WINDOWS\system32\dla\tfswctrl.exe
Running Process : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
Running Process : C:\Program Files\Picasa2\PicasaMediaDetector.exe
Running Process : C:\Program Files\Radialpoint\Freedom\Rps.exe
Running Process : C:\Program Files\Winamp\winampa.exe
Running Process : C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
Running Process : C:\Program Files\QuickTime\qttask.exe
Running Process : C:\Program Files\iTunes\iTunesHelper.exe
Running Process : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Running Process : C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
Running Process : C:\Program Files\Video Access ActiveX Object\pmmnt.exe
Running Process : C:\WINDOWS\system32\ctfmon.exe
Running Process : C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
Running Process : C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Running Process : C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Running Process : C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Running Process : C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
Running Process : C:\Program Files\Video Access ActiveX Object\isamini.exe -->
Running Process : C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
Running Process : C:\WINDOWS\System32\CTsvcCDA.exe
Running Process : C:\Program Files\Common Files\Command Software\dvpapi.exe
Running Process : C:\WINDOWS\System32\nvsvc32.exe
Running Process : C:\WINDOWS\System32\svchost.exe
Running Process : C:\WINDOWS\System32\MsPMSPSv.exe
Running Process : C:\Program Files\iPod\bin\iPodService.exe
Running Process : C:\WINDOWS\System32\alg.exe
Running Process : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Running Process : C:\WINDOWS\system32\wuauclt.exe
Running Process : C:\Program Files\Adware Away\AdAway.exe

====================All Running Services====================
Running Service [0] : ACPI - System32\DRIVERS\ACPI.sys - Microsoft ACPI Driver
Driver [4] : ACPIEC - C:\WINDOWS\system32\drivers\ACPIEC.sys :[Microsoft Corporation - 11648 5.1.2600.0]
Running Service [0] : agp440 - System32\DRIVERS\agp440.sys - Intel AGP Bus Filter
Running Service [0] : atapi - System32\DRIVERS\atapi.sys - Standard IDE/ESDI Hard Disk Controller
Running Service [2] : AudioSrv - %SystemRoot%\System32\svchost.exe -k netsvcs - Windows Audio
Driver [1] : Beep - C:\WINDOWS\system32\drivers\Beep.sys :[Microsoft Corporation - 4224 5.1.2600.0]
Running Service [2] : BITS - %SystemRoot%\System32\svchost.exe -k netsvcs - Background Intelligent Transfer Service
Running Service [2] : Browser - %SystemRoot%\System32\svchost.exe -k netsvcs - Computer Browser
Driver [4] : cbidf2k - C:\WINDOWS\system32\drivers\cbidf2k.sys :[Microsoft Corporation - 13952 5.1.2600.0]
Driver [1] : Cdaudio - C:\WINDOWS\system32\drivers\Cdaudio.sys :[Microsoft Corporation - 18688 5.1.2600.0]
Driver [4] : Cdfs - C:\WINDOWS\system32\drivers\Cdfs.sys :[Microsoft Corporation - 63744 5.1.2600.2180]
Running Service [2] : Creative Service for CDROM Access - C:\WINDOWS\System32\CTsvcCDA.exe - Creative Service for CDROM Access
Running Service [2] : CryptSvc - %SystemRoot%\system32\svchost.exe -k netsvcs - Cryptographic Services
Running Service [2] : CSS DVP - System32\DRIVERS\css-dvp.sys - CSS DVP
Running Service [2] : DCFS2K - system32\drivers\dcfs2k.sys - Kodak DCFS2K Driver
Running Service [2] : DcomLaunch - %SystemRoot%\system32\svchost -k DcomLaunch - DCOM Server Process Launcher
Running Service [2] : Dhcp - %SystemRoot%\System32\svchost.exe -k netsvcs - DHCP Client
Running Service [0] : Disk - System32\DRIVERS\disk.sys - Disk Driver
Running Service [2] : Dnscache - %SystemRoot%\System32\svchost.exe -k NetworkService - DNS Client
Running Service [0] : drvmcdb - system32\drivers\drvmcdb.sys -
Running Service [2] : drvnddm - system32\drivers\drvnddm.sys -
Running Service [2] : dvpapi - "C:\Program Files\Common Files\Command Software\dvpapi.exe" - DvpApi
Running Service [2] : ERSvc - %SystemRoot%\System32\svchost.exe -k netsvcs - Error Reporting Service
Running Service [2] : Eventlog - %SystemRoot%\system32\services.exe - Event Log
Driver [4] : Fastfat - C:\WINDOWS\system32\drivers\Fastfat.sys :[Microsoft Corporation - 143360 5.1.2600.2180]
Driver [1] : Fips - C:\WINDOWS\system32\drivers\Fips.sys :[Microsoft Corporation - 34944 5.1.2600.0]
Running Service [0] : FltMgr - system32\drivers\fltmgr.sys - FltMgr
Running Service [2] : FreeTdi - System32\Drivers\FreeTdi.sys - Radialpoint Filter (25328)
Driver [1] : Fs_Rec - C:\WINDOWS\system32\drivers\Fs_Rec.sys :[Microsoft Corporation - 7936 5.1.2600.0]
Running Service [0] : Ftdisk - System32\DRIVERS\ftdisk.sys - Volume Manager Driver
Running Service [2] : FWS - C:\Program Files\Radialpoint\Freedom\fws.exe - Radialpoint Service
Running Service [2] : helpsvc - %SystemRoot%\System32\svchost.exe -k netsvcs - Help and Support
Running Service [2] : HidServ - %SystemRoot%\System32\svchost.exe -k netsvcs - HID Input Service
Running Service [0] : isapnp - System32\DRIVERS\isapnp.sys - PnP ISA/EISA Bus Driver
Driver [0] : KSecDD - C:\WINDOWS\system32\drivers\KSecDD.sys :[Microsoft Corporation - 92032 5.1.2600.2180]
Running Service [2] : lanmanserver - %SystemRoot%\System32\svchost.exe -k netsvcs - Server
Running Service [2] : lanmanworkstation - %SystemRoot%\System32\svchost.exe -k netsvcs - Workstation
Running Service [2] : LexBceS - C:\WINDOWS\system32\LEXBCES.EXE - LexBce Server
Running Service [2] : LmHosts - %SystemRoot%\System32\svchost.exe -k LocalService - TCP/IP NetBIOS Helper
Driver [1] : mnmdd - C:\WINDOWS\system32\drivers\mnmdd.sys :[Microsoft Corporation - 4224 5.1.2600.0]
Driver [3] : Modem - C:\WINDOWS\system32\drivers\Modem.sys :[Microsoft Corporation - 30080 5.1.2600.2180]
Driver [0] : MountMgr - C:\WINDOWS\system32\drivers\MountMgr.sys :[Microsoft Corporation - 42240 5.1.2600.2180]
Driver [1] : Msfs - C:\WINDOWS\system32\drivers\Msfs.sys :[Microsoft Corporation - 19072 5.1.2600.2180]
Driver [0] : Mup - C:\WINDOWS\system32\drivers\Mup.sys :[Microsoft Corporation - 107904 5.1.2600.2180]
Driver [0] : NDIS - C:\WINDOWS\system32\drivers\NDIS.sys :[Microsoft Corporation - 182912 5.1.2600.2180]
Driver [3] : NDProxy - C:\WINDOWS\system32\drivers\NDProxy.sys :[Microsoft Corporation - 38016 5.1.2600.0]
Driver [1] : Npfs - C:\WINDOWS\system32\drivers\Npfs.sys :[Microsoft Corporation - 30848 5.1.2600.2180]
Driver [4] : Ntfs - C:\WINDOWS\system32\drivers\Ntfs.sys :[Microsoft Corporation - 574592 5.1.2600.2180]
Driver [1] : Null - C:\WINDOWS\system32\drivers\Null.sys :[Microsoft Corporation - 2944 5.1.2600.0]
Running Service [2] : NVSvc - %SystemRoot%\System32\nvsvc32.exe - NVIDIA Driver Helper Service
Driver [0] : PartMgr - C:\WINDOWS\system32\drivers\PartMgr.sys :[Microsoft Corporation - 18688 5.1.2600.0]
Driver [2] : ParVdm - C:\WINDOWS\system32\drivers\ParVdm.sys :[Microsoft Corporation - 6784 5.1.2600.0]
Running Service [0] : PCI - System32\DRIVERS\pci.sys - PCI Bus Driver
Running Service [0] : PCIIde - System32\DRIVERS\pciide.sys -
Driver [4] : Pcmcia - C:\WINDOWS\system32\drivers\Pcmcia.sys :[Microsoft Corporation - 119936 5.1.2600.2180]
Running Service [2] : PfModNT - \??\C:\WINDOWS\System32\PfModNT.sys -
Running Service [2] : PlugPlay - %SystemRoot%\system32\services.exe - Plug and Play
Running Service [2] : PolicyAgent - %SystemRoot%\System32\lsass.exe - IPSEC Services
Running Service [2] : ProtectedStorage - %SystemRoot%\system32\lsass.exe - Protected Storage
Running Service [0] : PxHelp20 - System32\Drivers\PxHelp20.sys - PxHelp20
Driver [3] : RDPWD - C:\WINDOWS\system32\drivers\RDPWD.sys :[Microsoft Corporation - 139528 5.1.2600.2695]
Running Service [2] : RpcSs - %SystemRoot%\system32\svchost -k rpcss - Remote Procedure Call (RPC)
Running Service [2] : SamSs - %SystemRoot%\system32\lsass.exe - Security Accounts Manager
Running Service [2] : Schedule - %SystemRoot%\System32\svchost.exe -k netsvcs - Task Scheduler
Running Service [0] : ScsiPort - %SystemRoot%\system32\drivers\scsiport.sys -
Running Service [2] : seclogon - %SystemRoot%\System32\svchost.exe -k netsvcs - Secondary Logon
Running Service [2] : SENS - %SystemRoot%\system32\svchost.exe -k netsvcs - System Event Notification
Driver [1] : Sfloppy - C:\WINDOWS\system32\drivers\Sfloppy.sys :[Microsoft Corporation - 11392 5.1.2600.2180]
Running Service [2] : SharedAccess - %SystemRoot%\System32\svchost.exe -k netsvcs - Windows Firewall/Internet Connection Sharing (ICS)
Running Service [2] : ShellHWDetection - %SystemRoot%\System32\svchost.exe -k netsvcs - Shell Hardware Detection
Running Service [2] : Spooler - %SystemRoot%\system32\spoolsv.exe - Print Spooler
Running Service [0] : sr - System32\DRIVERS\sr.sys - System Restore Filter Driver
Running Service [2] : srservice - %SystemRoot%\System32\svchost.exe -k netsvcs - System Restore Service
Running Service [2] : stisvc - %SystemRoot%\System32\svchost.exe -k imgsvc - Windows Image Acquisition (WIA)
Driver [3] : TDPIPE - C:\WINDOWS\system32\drivers\TDPIPE.sys :[Microsoft Corporation - 12040 5.1.2600.2180]
Driver [3] : TDTCP - C:\WINDOWS\system32\drivers\TDTCP.sys :[Microsoft Corporation - 21896 5.1.2600.2180]
Running Service [2] : tfsnboio - system32\dla\tfsnboio.sys -
Running Service [2] : tfsncofs - system32\dla\tfsncofs.sys -
Running Service [2] : tfsndrct - system32\dla\tfsndrct.sys -
Running Service [2] : tfsndres - system32\dla\tfsndres.sys -
Running Service [2] : tfsnifs - system32\dla\tfsnifs.sys -
Running Service [2] : tfsnopio - system32\dla\tfsnopio.sys -
Running Service [2] : tfsnpool - system32\dla\tfsnpool.sys -
Running Service [2] : tfsnudf - system32\dla\tfsnudf.sys -
Running Service [2] : tfsnudfa - system32\dla\tfsnudfa.sys -
Running Service [2] : Themes - %SystemRoot%\System32\svchost.exe -k netsvcs - Themes
Running Service [2] : TrkWks - %SystemRoot%\system32\svchost.exe -k netsvcs - Distributed Link Tracking Client
Driver [4] : Udfs - C:\WINDOWS\system32\drivers\Udfs.sys :[Microsoft Corporation - 66176 5.1.2600.2180]
Driver [0] : VolSnap - C:\WINDOWS\system32\drivers\VolSnap.sys :[Microsoft Corporation - 52352 5.1.2600.2180]
Running Service [2] : W32Time - %SystemRoot%\System32\svchost.exe -k netsvcs - Windows Time
Running Service [2] : WebClient - %SystemRoot%\System32\svchost.exe -k LocalService - WebClient
Running Service [2] : winmgmt - %systemroot%\system32\svchost.exe -k netsvcs - Windows Management Instrumentation
Running Service [2] : WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe - WMDM PMSP Service
Running Service [2] : wscsvc - %SystemRoot%\System32\svchost.exe -k netsvcs - Security Center
Running Service [2] : wuauserv - %systemroot%\system32\svchost.exe -k netsvcs - Automatic Updates
Running Service [2] : WZCSVC - %SystemRoot%\System32\svchost.exe -k netsvcs - Wireless Zero Configuration

====================SVCHOST DLLs====================
Alerter = C:\WINDOWS\system32\alrsvc.dll [Microsoft Corporation] [17408 5.1.2600.2180]
*AppMgmt = C:\WINDOWS\System32\appmgmts.dll [] [-1 0.0.0.0]
AudioSrv = C:\WINDOWS\System32\audiosrv.dll [Microsoft Corporation] [42496 5.1.2600.2180]
BITS = C:\WINDOWS\System32\qmgr.dll [Microsoft Corporation] [382464 6.6.2600.2180]
Browser = C:\WINDOWS\System32\browser.dll [Microsoft Corporation] [77312 5.1.2600.2180]
CryptSvc = C:\WINDOWS\System32\cryptsvc.dll [Microsoft Corporation] [60416 5.1.2600.2180]
DcomLaunch = C:\WINDOWS\system32\rpcss.dll [Microsoft Corporation] [397824 5.1.2600.2726]
Dhcp = C:\WINDOWS\System32\dhcpcsvc.dll [Microsoft Corporation] [111616 5.1.2600.2912]
dmserver = C:\WINDOWS\System32\dmserver.dll [Microsoft Corp.] [23552 2600.2180.503.0]
Dnscache = C:\WINDOWS\System32\dnsrslvr.dll [Microsoft Corporation] [45568 5.1.2600.2180]
ERSvc = C:\WINDOWS\System32\ersvc.dll [Microsoft Corporation] [23040 5.1.2600.2180]
EventSystem = C:\WINDOWS\System32\es.dll [Microsoft Corporation] [243200 2001.12.4414.308]
FastUserSwitchingCompatibility = C:\WINDOWS\System32\shsvcs.dll [Microsoft Corporation] [134656 6.0.2900.3051]
helpsvc = C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [Microsoft Corporation] [38912 5.1.2600.2180]
HidServ = C:\WINDOWS\System32\hidserv.dll [Microsoft Corporation] [21504 5.1.2600.2180]
HTTPFilter = C:\WINDOWS\System32\w3ssl.dll [Microsoft Corporation] [15872 6.0.2600.2180]
lanmanserver = C:\WINDOWS\System32\srvsvc.dll [Microsoft Corporation] [96768 5.1.2600.2577]
lanmanworkstation = C:\WINDOWS\System32\wkssvc.dll [Microsoft Corporation] [132096 5.1.2600.2976]
LmHosts = C:\WINDOWS\System32\lmhsvc.dll [Microsoft Corporation] [13824 5.1.2600.2180]
Messenger = C:\WINDOWS\System32\msgsvc.dll [Microsoft Corporation] [33792 5.1.2600.2180]
Netman = C:\WINDOWS\System32\netman.dll [Microsoft Corporation] [197632 5.1.2600.2743]
Nla = C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation] [245248 5.1.2600.2180]
NtmsSvc = C:\WINDOWS\system32\ntmssvc.dll [Microsoft Corporation] [435200 5.1.2400.2180]
RasAuto = C:\WINDOWS\System32\rasauto.dll [Microsoft Corporation] [89088 5.1.2600.2180]
RasMan = C:\WINDOWS\System32\rasmans.dll [Microsoft Corporation] [181248 5.1.2600.2936]
RemoteAccess = C:\WINDOWS\System32\mprdim.dll [Microsoft Corporation] [49152 5.1.2600.0]
RpcSs = C:\WINDOWS\system32\rpcss.dll [Microsoft Corporation] [397824 5.1.2600.2726]
Schedule = C:\WINDOWS\system32\schedsvc.dll [Microsoft Corporation] [190976 5.1.2600.2180]
seclogon = C:\WINDOWS\System32\seclogon.dll [Microsoft Corporation] [18944 5.1.2600.2180]
SENS = C:\WINDOWS\system32\sens.dll [Microsoft Corporation] [38912 5.1.2600.2180]
SharedAccess = C:\WINDOWS\System32\ipnathlp.dll [Microsoft Corporation] [331264 5.1.2600.2180]
ShellHWDetection = C:\WINDOWS\System32\shsvcs.dll [Microsoft Corporation] [134656 6.0.2900.3051]
srservice = C:\WINDOWS\System32\srsvc.dll [Microsoft Corporation] [170496 5.1.2600.2180]
SSDPSRV = C:\WINDOWS\System32\ssdpsrv.dll [Microsoft Corporation] [71680 5.1.2600.2180]
stisvc = C:\WINDOWS\system32\wiaservc.dll [Microsoft Corporation] [333824 5.1.2600.3051]
TapiSrv = C:\WINDOWS\System32\tapisrv.dll [Microsoft Corporation] [249344 5.1.2600.2716]
TermService = C:\WINDOWS\System32\termsrv.dll [Microsoft Corporation] [295424 5.1.2600.2180]
Themes = C:\WINDOWS\System32\shsvcs.dll [Microsoft Corporation] [134656 6.0.2900.3051]
TrkWks = C:\WINDOWS\system32\trkwks.dll [Microsoft Corporation] [90624 5.1.2600.2180]
upnphost = C:\WINDOWS\System32\upnphost.dll [Microsoft Corporation] [185344 5.1.2600.2180]
usnsvc = C:\Program Files\MSN Messenger\usnsvc.dll [Microsoft Corporation] [117544 8.0.812.0]
W32Time = C:\WINDOWS\System32\w32time.dll [Microsoft Corporation] [174592 5.1.2600.2180]
WebClient = C:\WINDOWS\System32\webclnt.dll [Microsoft Corporation] [68096 5.1.2600.2821]
winmgmt = C:\WINDOWS\system32\wbem\WMIsvc.dll [Microsoft Corporation] [144896 5.1.2600.2180]
WmdmPmSN = C:\WINDOWS\system32\MsPMSNSv.dll [Microsoft Corporation] [27136 11.0.5721.5145]
wscsvc = C:\WINDOWS\system32\wscsvc.dll [Microsoft Corporation] [81408 5.1.2600.2180]
wuauserv = C:\WINDOWS\System32\wuauserv.dll [Microsoft Corporation] [6656 5.4.3790.2180]
WudfSvc = C:\WINDOWS\System32\WUDFSvc.dll [Microsoft Corporation] [55808 6.0.5716.32]
WZCSVC = C:\WINDOWS\System32\wzcsvc.dll [Microsoft Corporation] [359936 5.1.2600.2180]
xmlprov = C:\WINDOWS\System32\xmlprov.dll [Microsoft Corporation] [129536 5.1.2600.2180]

====================LSPs====================
Provider Name :MSAFD Tcpip [TCP/IP]
Protocol ID :e70f1aa0-ab8b-11cf-8ca3-00805f48a192
Protocol :IPPROTO_TCP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_STREAM
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD Tcpip [UDP/IP]
Protocol ID :e70f1aa0-ab8b-11cf-8ca3-00805f48a192
Protocol :IPPROTO_UDP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD Tcpip [RAW/IP]
Protocol ID :e70f1aa0-ab8b-11cf-8ca3-00805f48a192
Protocol :IPPROTO_IP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_RAW
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :RSVP UDP Service Provider
Protocol ID :9d60a9e0-337a-11d0-bd88-0000c082e69a
Protocol :IPPROTO_UDP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\rsvpsp.dll

Provider Name :RSVP TCP Service Provider
Protocol ID :9d60a9e0-337a-11d0-bd88-0000c082e69a
Protocol :IPPROTO_TCP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_STREAM
DLL Path :%SystemRoot%\system32\rsvpsp.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{54C63FF6-91D6-4769-92C3-EF81C696CE5E}] SEQPACKET 3
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{54C63FF6-91D6-4769-92C3-EF81C696CE5E}] DATAGRAM 3
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{EBFB1ED3-1A56-48DF-B40C-67B26B169485}] SEQPACKET 0
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{EBFB1ED3-1A56-48DF-B40C-67B26B169485}] DATAGRAM 0
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{7837D886-892D-44DB-B03C-4CD4669F9D02}] SEQPACKET 1
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{7837D886-892D-44DB-B03C-4CD4669F9D02}] DATAGRAM 1
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7557F06-AF88-4333-8FD3-DE9FA322B87E}] SEQPACKET 2
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7557F06-AF88-4333-8FD3-DE9FA322B87E}] DATAGRAM 2
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll


====================Auto-Run====================
Auto-Run : HKCU\Run\MsnMsgr=C:\Program Files\MSN Messenger\MsnMsgr.Exe=[Microsoft Corporation]=[5354792=8.0.812.0]
Auto-Run : HKCU\Run\ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe=[Microsoft Corporation]=[15360=5.1.2600.2180]
Auto-Run : HKCU\Run\Yahoo! Pager=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE=[Yahoo! Inc.]=[4662776=8.1.0.209]
Auto-Run : HKCU\RunOnce\Privacy Suite=C:\Program Files\CyberScrub Privacy Suite\CSPSeraser.exe=[CyberScrub LLC]=[860672=5.0.0.94]
Auto-Run : HKLM\Run\BCMSMMSG=BCMSMMSG.exe=[Broadcom Corporation]=[122880=3.5.25.0]
Auto-Run : HKLM\Run\NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup=[Microsoft Corporation]=[33280=5.1.2600.2180]
Auto-Run : HKLM\Run\diagent=C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe=[Creative Technology Ltd]=[135264=1.1.4.0]
Auto-Run : HKLM\Run\UpdReg=C:\WINDOWS\UpdReg.EXE=[Creative Technology Ltd.]=[90112=1.0.2.0]
Auto-Run : HKLM\Run\Dell AIO Printer A940=C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe=[Dell Computer Corporation]=[294998=0.1.1.1]
Auto-Run : HKLM\Run\dla=C:\WINDOWS\system32\dla\tfswctrl.exe=[Sonic Solutions]=[114741=1.4.5.1]
Auto-Run : HKLM\Run\StorageGuard=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe=[Sonic Solutions]=[155648=1.1.11.0]
Auto-Run : HKLM\Run\Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe=[Google Inc.]=[366400=2.6.35.97]
Auto-Run : HKLM\Run\Freedom=C:\Program Files\Radialpoint\Freedom\Rps.exe=[Radialpoint]=[229376=5.2.2.51055]
Auto-Run : HKLM\Run\WinampAgent=C:\Program Files\Winamp\winampa.exe=[]=[35328=0.0.0.0]
Auto-Run : HKLM\Run\SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe=[Sun Microsystems, Inc.]=[75520=5.0.110.3]
Auto-Run : HKLM\Run\=C:\Program Files\Zero Knowledge\Freedom\Freedom.exe=[]=[0=0.0.0.0]
Auto-Run : HKLM\Run\KernelFaultCheck=%systemroot%\system32\dumprep 0 -k=[]=[0=0.0.0.0]
Auto-Run : HKLM\Run\QuickTime Task=C:\Program Files\QuickTime\qttask.exe=[Apple Computer, Inc.]=[282624=7.1.5.120]
Auto-Run : HKLM\Run\iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe=[Apple Inc.]=[257088=7.1.0.59]
Auto-Run : HKLM\RunOnceEx\==[]=[0=0.0.0.0]
Auto-Run : HKLM\Policies\Run\rare=C:\Program Files\Video Access ActiveX Object\pmsnrr.exe=[]=[33280=0.0.0.0]
Auto-Run : HKLM\Policies\Run\user32.dll=C:\Program Files\Video Access ActiveX Object\isamntr.exe=[]=[36864=0.0.0.0]
Auto-Run : HKLM\Winlogon\shell=Explorer.exe=[Microsoft Corporation]=[1032192=6.0.2900.2180]
Auto-Run : HKLM\Winlogon\userinit=C:\WINDOWS\system32\userinit.exe,=[Microsoft Corporation]=[24576=5.1.2600.2180]
Auto-Run : HKLM\Winlogon\UIHost=logonui.exe=[Microsoft Corporation]=[514560=6.0.2900.2180]
Auto-Run : HKCU\NT\Windows\Load==[]=[0=0.0.0.0]
Auto-Run : HKLM\ShellService\PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}:C:\WINDOWS\system32\SHELL32.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\ShellService\CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}:C:\WINDOWS\system32\SHELL32.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\ShellService\WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}:C:\WINDOWS\system32\webcheck.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\ShellService\SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}:C:\WINDOWS\System32\stobject.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\ShellService\WPDShServiceObj={AAA288BA-9A4C-45B0-95D7-94D524869DB5}:C:\WINDOWS\system32\WPDShServiceObj.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\SharedTask\{438755C2-A8BA-11D1-B96B-00A0C90312E1}=Browseui preloader:C:\WINDOWS\System32\browseui.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\SharedTask\{8C7461EF-2B13-11d2-BE35-3078302C2030}=Component Categories cache daemon:C:\WINDOWS\System32\browseui.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\Session\BootExecute=autocheck autochk *=[]=[0=0.0.0.0]
Auto-Run : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
Auto-Run : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
Auto-Run : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
Auto-Run : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
Auto-Run : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
Auto-Run : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

====================System Restrictions====================
System Restriction : WallPaper=C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShareWallpaper.bmp

====================IE Pages====================
IE Page :SearchURL=http://www.google.com
IE Page :Start Page=http://www.yahoo.com/
IE Page :Search Bar=http://www.google.com/ie
IE Page :Search Page=http://www.google.com
IE Page :SearchAssistant=http://www.google.com
IE Page :Start Page=http://go.microsoft.com/fwlink/?LinkId=69157
IE Page :Default_Page_URL=http://go.microsoft.com/fwlink/?LinkId=69157
IE Page :Default_Search_URL=http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE Page :Search Bar=http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
IE Page :Search Page=http://red.clientapps.yahoo.com/customize/ie/defaults/sp/yme/*http://www.yahoo.com
IE Page :SearchAssistant=http://www.google.com/ie
IE Page :CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

====================IE Url Prefix====================
IE UrlPrefix :DefaultPrefix=http://
IE UrlPrefix :ftp=ftp://
IE UrlPrefix :gopher=gopher://
IE UrlPrefix :home=http://
IE UrlPrefix :mosaic=http://
IE UrlPrefix :www=http://

====================IE UrlSearchHook====================
IE UrlSearchHook(HKCU) :{CFBFAE00-17A6-11D0-99CB-00C04FD64497}=C:\WINDOWS\system32\ieframe.dll
IE UrlSearchHook(HKLM) :{CFBFAE00-17A6-11D0-99CB-00C04FD64497}=C:\WINDOWS\system32\ieframe.dll

====================IE BHO && Toolbar====================
IE BHO : {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll=[440384 = 2006.10.26.1]
IE BHO : {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}==[440384 = 2006.10.26.1]
IE BHO : {3C060EA2-E6A9-4E49-A530-D4657B8C449A}=C:\Program Files\Radialpoint\Freedom\pkR.dll=[57344 = 5.2.2.51055]
IE BHO : {56071E0D-C61B-11D3-B41C-00E02927A304}=C:\Program Files\Radialpoint\Freedom\FBHR.dll=[135168 = 5.2.2.51055]
IE BHO : {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll=[440056 = 5.0.110.3]
IE BHO : {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll=[324416 = 4.0.249.1]
IE BHO : {A6ACAE64-F798-4930-AD86-BD3FB32038DB}=C:\Program Files\Video Access ActiveX Object\isadd.dll=[16896 = 0.0.0.0]
IE Toolbar : {EF99BD32-C1FB-11D2-892F-0090271D4F88}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll=[440384 = 0.10.26.1]

====================Protocol Filter====================
Protocol Filter : Class Install Handler={32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}=C:\WINDOWS\system32\urlmon.dll=[1149952 = 7.0.6000.16414]
Protocol Filter : deflate={8f6b0360-b80d-11d0-a9b3-006097942311}=C:\WINDOWS\system32\urlmon.dll=[1149952 = 7.0.6000.16414]
Protocol Filter : gzip={8f6b0360-b80d-11d0-a9b3-006097942311}=C:\WINDOWS\system32\urlmon.dll=[1149952 = 7.0.6000.16414]
Protocol Filter : lzdhtml={8f6b0360-b80d-11d0-a9b3-006097942311}=C:\WINDOWS\system32\urlmon.dll=[1149952 = 7.0.6000.16414]
Protocol Filter : text/webviewhtml={733AC4CB-F1A4-11d0-B951-00A0C90312E1}=C:\WINDOWS\system32\SHELL32.dll=[8453632 = 6.0.2900.3051]

====================Notify Dlls====================
Notify Dll : crypt32chain=crypt32.dll=[-1 = 5.131.2600.2180]
Notify Dll : cryptnet=cryptnet.dll=[-1 = 5.131.2600.2180]
Notify Dll : cscdll=cscdll.dll=[-1 = 5.1.2600.2180]
Notify Dll : ScCertProp=wlnotify.dll=[-1 = 5.1.2600.2180]
Notify Dll : Schedule=wlnotify.dll=[-1 = 5.1.2600.2180]
Notify Dll : sclgntfy=sclgntfy.dll=[-1 = 5.1.2600.2180]
Notify Dll : SensLogn=WlNotify.dll=[-1 = 5.1.2600.2180]
Notify Dll : termsrv=wlnotify.dll=[-1 = 5.1.2600.2180]
Notify Dll : WgaLogon=WgaLogon.dll=[-1 = 1.7.17.0]
Notify Dll : wlballoon=wlnotify.dll=[-1 = 5.1.2600.2180]

====================Shell Extensions====================
Shell Extension : {42071714-76d4-11d1-8b24-00a0c9068ff3}=C:\WINDOWS\system32\deskpan.dll=[=-1 = 0.0.0.0]
Shell Extension : {764BF0E1-F219-11ce-972D-00AA00A14F56}==[=-1 = 0.0.0.0]
Shell Extension : {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}==[=-1 = 0.0.0.0]
Shell Extension : {88895560-9AA2-1069-930E-00AA0030EBC8}=C:\WINDOWS\System32\hticons.dll=[Hilgraeve, Inc.=44544 = 5.1.2600.0]
Shell Extension : {0DF44EAA-FF21-4412-828E-260A8728E7F1}==[=-1 = 0.0.0.0]
Shell Extension : {32683183-48a0-441b-a342-7c2a440a9478}==[=-1 = 0.0.0.0]
Shell Extension : {7A9D77BD-5403-11d2-8785-2E0420524153}==[=-1 = 0.0.0.0]
Shell Extension : {acb4a560-3606-11d3-aef4-00104bd0f92d}=C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll=[Eastman Kodak Company=183296 = 2.0.2300.3]
Shell Extension : {DEE12703-6333-4D4E-8F34-738C4DCC2E04}=C:\Program Files\Sonic\RecordNow!\shlext.dll=[Sonic Solutions=77824 = 1.0.0.1]
Shell Extension : {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll=[Sonic Solutions=106548 = 1.4.5.1]
Shell Extension : {880E1C60-DBEB-11D3-A4C4-A58C7193AA36}=C:\PROGRA~1\CYBERS~1\cybshell.dll=[CyberScrub LLC=136192 = 4.0.0.110]
Shell Extension : {10F0C2A9-8E38-43E1-204D-45524C494E20}==[=-1 = 0.0.0.0]
Shell Extension : {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}=C:\Program Files\iTunes\iTunesMiniPlayer.dll=[Apple Inc.=132672 = 7.1.0.59]

====================Shell Extension Hooks====================
{AEB6717E-7E19-11d0-97EE-00C04FD91972}=shell32.dll=[Microsoft Corporation=-1 = 6.0.2900.3051]

====================Explorer Bars====================
Explorer Bar : {4D5C8C25-D075-11d0-B416-00C04FB90376} = C:\WINDOWS\System32\shdocvw.dll=[Microsoft Corporation=1497600 6.0.2900.3020]

====================Folder Dlls====================
Folder Dll : {0D2E74C4-3C34-11d2-A27E-00C04FC30871}=C:\WINDOWS\system32\SHELL32.dll=[Microsoft Corporation=8453632 6.0.2900.3051]
Folder Dll : {24F14F01-7B1C-11d1-838f-0000F80461CF}=C:\WINDOWS\system32\SHELL32.dll=[Microsoft Corporation=8453632 6.0.2900.3051]
Folder Dll : {24F14F02-7B1C-11d1-838f-0000F80461CF}=C:\WINDOWS\system32\SHELL32.dll=[Microsoft Corporation=8453632 6.0.2900.3051]
Folder Dll : {66742402-F9B9-11D1-A202-0000F81FEDEE}=C:\WINDOWS\system32\SHELL32.dll=[Microsoft Corporation=8453632 6.0.2900.3051]
Folder Dll : {F9DB5320-233E-11D1-9F84-707F02C10627}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll=[Adobe Systems, Inc.=372736 8.0.0.0]

====================File Associations====================

====================IE Toolbar Buttons && Context Menu====================
IE Toolbar Button :{08B0E5C0-4FCB-11CF-AAA5-00401C608501}==[]
IE Toolbar Button :{e2e2dd38-d088-4134-82b7-f2ba38496583}==[%windir%\Network Diagnostic\xpnetdiag.exe]
IE Toolbar Button :{FB5F1910-F110-11d2-BB9E-00C04F795683}=Messenger=[C:\Program Files\Messenger\msmsgs.exe]

====================Installed ActiveX====================
Installed ActiveX :{8AD9C840-044E-11D1-B3E9-00805F499D93}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll=[INF - jinstall-1_5_0_10.inf]
Installed ActiveX :{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}=C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll=[INF - jinstall-1_5_0_10.inf]
Installed ActiveX :{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll=[INF - jinstall-1_5_0_10.inf]
Installed ActiveX :{D27CDB6E-AE6D-11CF-96B8-444553540000}==[INF - swflash.inf]
Installed ActiveX :{724bb6a4-e526-450f-affa-ab9b45129111}=C:\WINDOWS\System32\wmv9dmod.dll=[INF - wmv9dmo.inf]
Installed ActiveX :{724bb6a4-e526-450f-affa-ab9b45129111}=C:\WINDOWS\System32\wmv9dmod.dll=[INF - wmv9dmo.inf]
Installed ActiveX :{724bb6a4-e526-450f-affa-ab9b45129111}=C:\WINDOWS\System32\wmv9dmod.dll=[INF - wmv9dmo.inf]
Installed ActiveX :{724bb6a4-e526-450f-affa-ab9b45129111}=C:\WINDOWS\System32\wmv9dmod.dll=[INF - wmv9dmo.inf]

====================Proxy Settings====================
Proxy Settings : ProxyEnable = [No] ProxyServer = []

====================Name Server====================
Name Server : {54C63FF6-91D6-4769-92C3-EF81C696CE5E}=85.255.115.34,85.255.112.112
Name Server : {7837D886-892D-44DB-B03C-4CD4669F9D02}=
Name Server : {EBFB1ED3-1A56-48DF-B40C-67B26B169485}=85.255.115.34,85.255.112.112

====================Ext Dlls====================

====================Security Sites====================

====================Security Providers====================
Security Providers : CS001 = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Security Providers : CCS = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

====================Other Dlls====================
IE DLL : 26c0000=C:\Program Files\Video Access ActiveX Object\isadd.dll==[16896 0.0.0.0]

{3050F406-98B5-11CF-BB82-00AA00BDCE0B}=C:\WINDOWS\system32\mshtml.dll
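
An added triage script, not part of Adware Away or of the post above, that parses the log format shown in the post and pulls out the entries a responder would look at first: Auto-Run values under a Policies\Run key or with no publisher/version information, BHOs with no version, static DNS servers that point outside the LAN, and running processes launched from the same directories (those have to be terminated before the files can be deleted). SAMPLE_LOG is a constructed excerpt assembled from lines of the posted log; EXPECTED_RESOLVERS is an assumed allowlist of the resolvers the machine should be using.

```python
"""Triage of an Adware Away 'Global Scan' log (added example, not part of the
tool). The rules are heuristics; every hit still needs verification."""
import ipaddress
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt in the log's format; lines are taken from the post above.
SAMPLE_LOG = r"""
====================All Running Processes====================
Running Process : C:\WINDOWS\Explorer.EXE
Running Process : C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
Running Process : C:\Program Files\Video Access ActiveX Object\isamntr.exe
Running Process : C:\Program Files\Internet Explorer\IEXPLORE.EXE

====================Auto-Run====================
Auto-Run : HKCU\Run\ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe=[Microsoft Corporation]=[15360=5.1.2600.2180]
Auto-Run : HKLM\Run\QuickTime Task=C:\Program Files\QuickTime\qttask.exe=[Apple Computer, Inc.]=[282624=7.1.5.120]
Auto-Run : HKLM\Policies\Run\rare=C:\Program Files\Video Access ActiveX Object\pmsnrr.exe=[]=[33280=0.0.0.0]
Auto-Run : HKLM\Policies\Run\user32.dll=C:\Program Files\Video Access ActiveX Object\isamntr.exe=[]=[36864=0.0.0.0]
Auto-Run : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

====================IE BHO && Toolbar====================
IE BHO : {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll=[440056 = 5.0.110.3]
IE BHO : {A6ACAE64-F798-4930-AD86-BD3FB32038DB}=C:\Program Files\Video Access ActiveX Object\isadd.dll=[16896 = 0.0.0.0]

====================Name Server====================
Name Server : {54C63FF6-91D6-4769-92C3-EF81C696CE5E}=85.255.115.34,85.255.112.112
Name Server : {7837D886-892D-44DB-B03C-4CD4669F9D02}=
"""

# Assumed allowlist: the resolvers this machine is supposed to use (router/ISP).
EXPECTED_RESOLVERS = {"192.168.1.1"}

SECTION_RE = re.compile(r"^=+(?P<name>[^=]+)=+$")
AUTORUN_RE = re.compile(r"^Auto-Run : (?P<key>[^=]*)=(?P<path>.*?)=\[(?P<vendor>[^\]]*)\]"
                        r"=\[-?\d+=(?P<version>[^\]]*)\]$")
BHO_RE = re.compile(r"^IE BHO : (?P<clsid>\{[^}]+\})=(?P<path>[^=]*)=\[-?\d+ = (?P<version>[^\]]*)\]$")
NS_RE = re.compile(r"^Name Server : (?P<adapter>\{[^}]+\})=(?P<servers>.*)$")
PROC_RE = re.compile(r"^Running Process : (?P<path>.+)$")


def parse_sections(text):
    """Split the log into {section name: [non-empty lines]} using its ==== headers."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
        elif current and line:
            sections[current].append(line)
    return sections


def parent_dir(path):
    return str(PureWindowsPath(path.strip().strip('"')).parent).lower()


def outside_lan(ip):
    """True for a public (or unparsable) resolver address that is not on the allowlist."""
    if ip in EXPECTED_RESOLVERS:
        return False
    try:
        return not ipaddress.ip_address(ip).is_private
    except ValueError:
        return True


def triage(text):
    s = parse_sections(text)
    f = {"autorun": [], "bho": [], "nameserver": [], "process": []}

    for line in s.get("Auto-Run", []):
        m = AUTORUN_RE.match(line)
        if not m or not m.group("path"):
            continue                      # .lnk entries and empty values: nothing to judge
        key, reasons = m.group("key"), []
        if "\\Policies\\Run" in key:      # group-policy run key; ordinary installers rarely use it
            reasons.append("Policies\\Run key")
        if "\\Run" in key and not m.group("vendor") and m.group("version") in ("", "0.0.0.0"):
            reasons.append("no publisher/version info")
        if key.rsplit("\\", 1)[-1].lower().endswith((".dll", ".sys")):
            reasons.append("value name mimics a system file")
        if reasons:
            f["autorun"].append((key, m.group("path"), reasons))

    for line in s.get("IE BHO && Toolbar", []):
        m = BHO_RE.match(line)            # "IE Toolbar" lines do not match and are skipped
        if m and (not m.group("path") or m.group("version") in ("", "0.0.0.0")):
            f["bho"].append((m.group("clsid"), m.group("path")))

    for line in s.get("Name Server", []):
        m = NS_RE.match(line)
        ips = [ip.strip() for ip in m.group("servers").split(",") if ip.strip()] if m else []
        bad = [ip for ip in ips if outside_lan(ip)]   # a hijacked resolver redirects every lookup
        if bad:
            f["nameserver"].append((m.group("adapter"), bad))

    # Processes launched from a flagged directory must be killed before the files go.
    suspect_dirs = {parent_dir(p) for _, p, _ in f["autorun"]} | {parent_dir(p) for _, p in f["bho"] if p}
    for line in s.get("All Running Processes", []):
        m = PROC_RE.match(line)
        if m and parent_dir(m.group("path")) in suspect_dirs:
            f["process"].append(m.group("path"))
    return f


def main():
    f = triage(SAMPLE_LOG)
    for key, path, reasons in f["autorun"]:
        print(f"AUTORUN {key} -> {path}  [{'; '.join(reasons)}]")
    for clsid, path in f["bho"]:
        print(f"BHO     {clsid} -> {path or '(no file)'}")
    for adapter, ips in f["nameserver"]:
        print(f"DNS     {adapter} uses {', '.join(ips)}: not in EXPECTED_RESOLVERS")
    for path in f["process"]:
        print(f"RUNNING {path}  (in a flagged directory; terminate before removal)")


if __name__ == "__main__":
    main()
```

Run it against a saved log with triage(open(path).read()). The output is a worklist, not a verdict: legitimate freeware without version resources (the Winamp agent in the full log above, for instance) will also show up under "no publisher/version info", so each hit is confirmed by publisher, file hash and, for DNS, by comparing the addresses with the ISP's or router's resolvers. The DNS finding deserves separate attention: a static name-server value survives the removal of the executables, so after cleanup the adapters must be set back to DHCP or to known-good resolvers, or every lookup keeps going through the attacker's servers.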


 
Moderator
Level: 10
Joined: 2/9/2007 4:58:45 PM
Hi peter,

Please do this:

1. Update your Adware Away reference files
2. After the update is finished, exit all IE windows
3. Launch Adware Away
4. Click "Scan"
5. After it is finished, click "Next"
6. Click "Specialized Remover" in left panel
7. Click "Next"
8. After all specialized removers are finished, the hijacker will be removed.

 
General User
Level: 1
Joined: 3/12/2007 11:07:26 AM
Hi Bruce, thank you for your quick response. I updated AA and it removed the hijacker. I will update the AA reference file regularly. Do you have any advice on how to avoid getting infected again?

 
Moderator
Level: 10
Joined: 2/9/2007 4:58:45 PM
Hi peter,

Here are some tips to reduce the risk of being infected by malware:

1. Never open unknown email attachments
2. Be careful when downloading free software; some freeware is often bundled with malware.
3. Turn your internet security settings to a higher level
4. Never go to porn sites
5. Don't use free versions of file sharing programs
6. Update your Windows regularly

 
General User
Level: 1
Joined: 3/12/2007 11:07:26 AM
Thanks again, Bruce, I will keep it in mind.

 
Copyright © 2004 - F.Y.N. Technology Inc.