Welcome to Adware Away support forum
 
General User
Level: 1
Joined: 3/13/2007 11:10:08 AM
Please help me get rid of http://warningiepage.com. Every time I log onto Internet Explorer, my page comes up as http://warningiepage.com and I get a popup that my computer is infected with W32.Myzor.FK@yf virus. Here is my Adware Away log file:

*************************************************************
* Adware Away 3.0.5
* Global Scan Log File For Windows XP
* Log created time : 2007-3-13 10:19:45
* For more information,please visit:
* WebSite: http://www.AdwareAway.net
* OR
* Support: Support@AdwareAway.net
*
* {13acf1c6-145b-1227-342d-78b80e1f5447}
* 2007-01-22 2007-01-22
*************************************************************
====================All Running Processes====================
Running Process : N/A (security restriction)
Running Process : N/A (security restriction)
Running Process : \SystemRoot\System32\smss.exe
Running Process : \??\C:\WINDOWS\system32\csrss.exe
Running Process : \??\C:\WINDOWS\system32\winlogon.exe
Running Process : C:\WINDOWS\system32\services.exe
Running Process : C:\WINDOWS\system32\lsass.exe
Running Process : C:\WINDOWS\system32\svchost.exe
Running Process : C:\WINDOWS\system32\svchost.exe
Running Process : C:\WINDOWS\System32\svchost.exe
Running Process : C:\WINDOWS\System32\svchost.exe
Running Process : C:\WINDOWS\System32\svchost.exe
Running Process : C:\WINDOWS\Explorer.EXE
Running Process : C:\WINDOWS\system32\LEXBCES.EXE
Running Process : C:\WINDOWS\system32\spoolsv.exe
Running Process : C:\WINDOWS\system32\LEXPPS.EXE
Running Process : C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
Running Process : C:\Program Files\Video Access ActiveX Object\isamntr.exe
Running Process : C:\WINDOWS\BCMSMMSG.exe
Running Process : C:\Program Files\QuickTime\qttask.exe
Running Process : C:\Program Files\Video Access ActiveX Object\pmmnt.exe
Running Process : C:\Program Files\iTunes\iTunesHelper.exe
Running Process : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Running Process : C:\WINDOWS\system32\ctfmon.exe
Running Process : C:\Program Files\Video Access ActiveX Object\isamini.exe
Running Process : C:\WINDOWS\System32\nvsvc32.exe
Running Process : C:\WINDOWS\System32\svchost.exe
Running Process : C:\WINDOWS\System32\MsPMSPSv.exe
Running Process : C:\Program Files\iPod\bin\iPodService.exe
Running Process : C:\WINDOWS\System32\alg.exe
Running Process : C:\Program Files\Adware Away\AdAway.exe

====================All Running Services====================
Running Service [0] : ACPI - System32\DRIVERS\ACPI.sys - Microsoft ACPI Driver
Driver [4] : ACPIEC - C:\WINDOWS\system32\drivers\ACPIEC.sys :[Microsoft Corporation - 11648 5.1.2600.0]
Running Service [0] : agp440 - System32\DRIVERS\agp440.sys - Intel AGP Bus Filter
Running Service [0] : atapi - System32\DRIVERS\atapi.sys - Standard IDE/ESDI Hard Disk Controller
Running Service [2] : AudioSrv - %SystemRoot%\System32\svchost.exe -k netsvcs - Windows Audio
Driver [1] : Beep - C:\WINDOWS\system32\drivers\Beep.sys :[Microsoft Corporation - 4224 5.1.2600.0]
Running Service [2] : BITS - %SystemRoot%\System32\svchost.exe -k netsvcs - Background Intelligent Transfer Service
Running Service [2] : Browser - %SystemRoot%\System32\svchost.exe -k netsvcs - Computer Browser
Driver [4] : cbidf2k - C:\WINDOWS\system32\drivers\cbidf2k.sys :[Microsoft Corporation - 13952 5.1.2600.0]
Driver [1] : Cdaudio - C:\WINDOWS\system32\drivers\Cdaudio.sys :[Microsoft Corporation - 18688 5.1.2600.0]
Driver [4] : Cdfs - C:\WINDOWS\system32\drivers\Cdfs.sys :[Microsoft Corporation - 63744 5.1.2600.2180]
Running Service [2] : Creative Service for CDROM Access - C:\WINDOWS\System32\CTsvcCDA.exe - Creative Service for CDROM Access
Running Service [2] : CryptSvc - %SystemRoot%\system32\svchost.exe -k netsvcs - Cryptographic Services
Running Service [2] : CSS DVP - System32\DRIVERS\css-dvp.sys - CSS DVP
Running Service [2] : DCFS2K - system32\drivers\dcfs2k.sys - Kodak DCFS2K Driver
Running Service [2] : DcomLaunch - %SystemRoot%\system32\svchost -k DcomLaunch - DCOM Server Process Launcher
Running Service [2] : Dhcp - %SystemRoot%\System32\svchost.exe -k netsvcs - DHCP Client
Running Service [0] : Disk - System32\DRIVERS\disk.sys - Disk Driver
Running Service [2] : Dnscache - %SystemRoot%\System32\svchost.exe -k NetworkService - DNS Client
Running Service [0] : drvmcdb - system32\drivers\drvmcdb.sys -
Running Service [2] : drvnddm - system32\drivers\drvnddm.sys -
Running Service [2] : dvpapi - "C:\Program Files\Common Files\Command Software\dvpapi.exe" - DvpApi
Running Service [2] : ERSvc - %SystemRoot%\System32\svchost.exe -k netsvcs - Error Reporting Service
Running Service [2] : Eventlog - %SystemRoot%\system32\services.exe - Event Log
Driver [4] : Fastfat - C:\WINDOWS\system32\drivers\Fastfat.sys :[Microsoft Corporation - 143360 5.1.2600.2180]
Driver [1] : Fips - C:\WINDOWS\system32\drivers\Fips.sys :[Microsoft Corporation - 34944 5.1.2600.0]
Running Service [0] : FltMgr - system32\drivers\fltmgr.sys - FltMgr
Running Service [2] : FreeTdi - System32\Drivers\FreeTdi.sys - Radialpoint Filter (25328)
Driver [1] : Fs_Rec - C:\WINDOWS\system32\drivers\Fs_Rec.sys :[Microsoft Corporation - 7936 5.1.2600.0]
Running Service [0] : Ftdisk - System32\DRIVERS\ftdisk.sys - Volume Manager Driver
Running Service [2] : FWS - C:\Program Files\Radialpoint\Freedom\fws.exe - Radialpoint Service
Running Service [2] : helpsvc - %SystemRoot%\System32\svchost.exe -k netsvcs - Help and Support
Running Service [2] : HidServ - %SystemRoot%\System32\svchost.exe -k netsvcs - HID Input Service
Running Service [0] : isapnp - System32\DRIVERS\isapnp.sys - PnP ISA/EISA Bus Driver
Driver [0] : KSecDD - C:\WINDOWS\system32\drivers\KSecDD.sys :[Microsoft Corporation - 92032 5.1.2600.2180]
Running Service [2] : lanmanserver - %SystemRoot%\System32\svchost.exe -k netsvcs - Server
Running Service [2] : lanmanworkstation - %SystemRoot%\System32\svchost.exe -k netsvcs - Workstation
Running Service [2] : LexBceS - C:\WINDOWS\system32\LEXBCES.EXE - LexBce Server
Running Service [2] : LmHosts - %SystemRoot%\System32\svchost.exe -k LocalService - TCP/IP NetBIOS Helper
Driver [1] : mnmdd - C:\WINDOWS\system32\drivers\mnmdd.sys :[Microsoft Corporation - 4224 5.1.2600.0]
Driver [3] : Modem - C:\WINDOWS\system32\drivers\Modem.sys :[Microsoft Corporation - 30080 5.1.2600.2180]
Driver [0] : MountMgr - C:\WINDOWS\system32\drivers\MountMgr.sys :[Microsoft Corporation - 42240 5.1.2600.2180]
Driver [1] : Msfs - C:\WINDOWS\system32\drivers\Msfs.sys :[Microsoft Corporation - 19072 5.1.2600.2180]
Driver [0] : Mup - C:\WINDOWS\system32\drivers\Mup.sys :[Microsoft Corporation - 107904 5.1.2600.2180]
Driver [0] : NDIS - C:\WINDOWS\system32\drivers\NDIS.sys :[Microsoft Corporation - 182912 5.1.2600.2180]
Driver [3] : NDProxy - C:\WINDOWS\system32\drivers\NDProxy.sys :[Microsoft Corporation - 38016 5.1.2600.0]
Driver [1] : Npfs - C:\WINDOWS\system32\drivers\Npfs.sys :[Microsoft Corporation - 30848 5.1.2600.2180]
Driver [4] : Ntfs - C:\WINDOWS\system32\drivers\Ntfs.sys :[Microsoft Corporation - 574592 5.1.2600.2180]
Driver [1] : Null - C:\WINDOWS\system32\drivers\Null.sys :[Microsoft Corporation - 2944 5.1.2600.0]
Running Service [2] : NVSvc - %SystemRoot%\System32\nvsvc32.exe - NVIDIA Driver Helper Service
Driver [0] : PartMgr - C:\WINDOWS\system32\drivers\PartMgr.sys :[Microsoft Corporation - 18688 5.1.2600.0]
Driver [2] : ParVdm - C:\WINDOWS\system32\drivers\ParVdm.sys :[Microsoft Corporation - 6784 5.1.2600.0]
Running Service [0] : PCI - System32\DRIVERS\pci.sys - PCI Bus Driver
Running Service [0] : PCIIde - System32\DRIVERS\pciide.sys -
Driver [4] : Pcmcia - C:\WINDOWS\system32\drivers\Pcmcia.sys :[Microsoft Corporation - 119936 5.1.2600.2180]
Running Service [2] : PfModNT - \??\C:\WINDOWS\System32\PfModNT.sys -
Running Service [2] : PlugPlay - %SystemRoot%\system32\services.exe - Plug and Play
Running Service [2] : PolicyAgent - %SystemRoot%\System32\lsass.exe - IPSEC Services
Running Service [2] : ProtectedStorage - %SystemRoot%\system32\lsass.exe - Protected Storage
Running Service [0] : PxHelp20 - System32\Drivers\PxHelp20.sys - PxHelp20
Driver [3] : RDPWD - C:\WINDOWS\system32\drivers\RDPWD.sys :[Microsoft Corporation - 139528 5.1.2600.2695]
Running Service [2] : RpcSs - %SystemRoot%\system32\svchost -k rpcss - Remote Procedure Call (RPC)
Running Service [2] : SamSs - %SystemRoot%\system32\lsass.exe - Security Accounts Manager
Running Service [2] : Schedule - %SystemRoot%\System32\svchost.exe -k netsvcs - Task Scheduler
Running Service [0] : ScsiPort - %SystemRoot%\system32\drivers\scsiport.sys -
Running Service [2] : seclogon - %SystemRoot%\System32\svchost.exe -k netsvcs - Secondary Logon
Running Service [2] : SENS - %SystemRoot%\system32\svchost.exe -k netsvcs - System Event Notification
Driver [1] : Sfloppy - C:\WINDOWS\system32\drivers\Sfloppy.sys :[Microsoft Corporation - 11392 5.1.2600.2180]
Running Service [2] : SharedAccess - %SystemRoot%\System32\svchost.exe -k netsvcs - Windows Firewall/Internet Connection Sharing (ICS)
Running Service [2] : ShellHWDetection - %SystemRoot%\System32\svchost.exe -k netsvcs - Shell Hardware Detection
Running Service [2] : Spooler - %SystemRoot%\system32\spoolsv.exe - Print Spooler
Running Service [0] : sr - System32\DRIVERS\sr.sys - System Restore Filter Driver
Running Service [2] : srservice - %SystemRoot%\System32\svchost.exe -k netsvcs - System Restore Service
Running Service [2] : stisvc - %SystemRoot%\System32\svchost.exe -k imgsvc - Windows Image Acquisition (WIA)
Driver [3] : TDPIPE - C:\WINDOWS\system32\drivers\TDPIPE.sys :[Microsoft Corporation - 12040 5.1.2600.2180]
Driver [3] : TDTCP - C:\WINDOWS\system32\drivers\TDTCP.sys :[Microsoft Corporation - 21896 5.1.2600.2180]
Running Service [2] : tfsnboio - system32\dla\tfsnboio.sys -
Running Service [2] : tfsncofs - system32\dla\tfsncofs.sys -
Running Service [2] : tfsndrct - system32\dla\tfsndrct.sys -
Running Service [2] : tfsndres - system32\dla\tfsndres.sys -
Running Service [2] : tfsnifs - system32\dla\tfsnifs.sys -
Running Service [2] : tfsnopio - system32\dla\tfsnopio.sys -
Running Service [2] : tfsnpool - system32\dla\tfsnpool.sys -
Running Service [2] : tfsnudf - system32\dla\tfsnudf.sys -
Running Service [2] : tfsnudfa - system32\dla\tfsnudfa.sys -
Running Service [2] : Themes - %SystemRoot%\System32\svchost.exe -k netsvcs - Themes
Running Service [2] : TrkWks - %SystemRoot%\system32\svchost.exe -k netsvcs - Distributed Link Tracking Client
Driver [4] : Udfs - C:\WINDOWS\system32\drivers\Udfs.sys :[Microsoft Corporation - 66176 5.1.2600.2180]
Driver [0] : VolSnap - C:\WINDOWS\system32\drivers\VolSnap.sys :[Microsoft Corporation - 52352 5.1.2600.2180]
Running Service [2] : W32Time - %SystemRoot%\System32\svchost.exe -k netsvcs - Windows Time
Running Service [2] : WebClient - %SystemRoot%\System32\svchost.exe -k LocalService - WebClient
Running Service [2] : winmgmt - %systemroot%\system32\svchost.exe -k netsvcs - Windows Management Instrumentation
Running Service [2] : WMDM PMSP Service - C:\WINDOWS\System32\MsPMSPSv.exe - WMDM PMSP Service
Running Service [2] : wscsvc - %SystemRoot%\System32\svchost.exe -k netsvcs - Security Center
Running Service [2] : wuauserv - %systemroot%\system32\svchost.exe -k netsvcs - Automatic Updates
Running Service [2] : WZCSVC - %SystemRoot%\System32\svchost.exe -k netsvcs - Wireless Zero Configuration

====================SVCHOST DLLs====================
Alerter = C:\WINDOWS\system32\alrsvc.dll [Microsoft Corporation] [17408 5.1.2600.2180]
*AppMgmt = C:\WINDOWS\System32\appmgmts.dll [] [-1 0.0.0.0]
AudioSrv = C:\WINDOWS\System32\audiosrv.dll [Microsoft Corporation] [42496 5.1.2600.2180]
BITS = C:\WINDOWS\System32\qmgr.dll [Microsoft Corporation] [382464 6.6.2600.2180]
Browser = C:\WINDOWS\System32\browser.dll [Microsoft Corporation] [77312 5.1.2600.2180]
CryptSvc = C:\WINDOWS\System32\cryptsvc.dll [Microsoft Corporation] [60416 5.1.2600.2180]
DcomLaunch = C:\WINDOWS\system32\rpcss.dll [Microsoft Corporation] [397824 5.1.2600.2726]
Dhcp = C:\WINDOWS\System32\dhcpcsvc.dll [Microsoft Corporation] [111616 5.1.2600.2912]
dmserver = C:\WINDOWS\System32\dmserver.dll [Microsoft Corp.] [23552 2600.2180.503.0]
Dnscache = C:\WINDOWS\System32\dnsrslvr.dll [Microsoft Corporation] [45568 5.1.2600.2180]
ERSvc = C:\WINDOWS\System32\ersvc.dll [Microsoft Corporation] [23040 5.1.2600.2180]
EventSystem = C:\WINDOWS\System32\es.dll [Microsoft Corporation] [243200 2001.12.4414.308]
FastUserSwitchingCompatibility = C:\WINDOWS\System32\shsvcs.dll [Microsoft Corporation] [134656 6.0.2900.3051]
helpsvc = C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [Microsoft Corporation] [38912 5.1.2600.2180]
HidServ = C:\WINDOWS\System32\hidserv.dll [Microsoft Corporation] [21504 5.1.2600.2180]
HTTPFilter = C:\WINDOWS\System32\w3ssl.dll [Microsoft Corporation] [15872 6.0.2600.2180]
lanmanserver = C:\WINDOWS\System32\srvsvc.dll [Microsoft Corporation] [96768 5.1.2600.2577]
lanmanworkstation = C:\WINDOWS\System32\wkssvc.dll [Microsoft Corporation] [132096 5.1.2600.2976]
LmHosts = C:\WINDOWS\System32\lmhsvc.dll [Microsoft Corporation] [13824 5.1.2600.2180]
Messenger = C:\WINDOWS\System32\msgsvc.dll [Microsoft Corporation] [33792 5.1.2600.2180]
Netman = C:\WINDOWS\System32\netman.dll [Microsoft Corporation] [197632 5.1.2600.2743]
Nla = C:\WINDOWS\System32\mswsock.dll [Microsoft Corporation] [245248 5.1.2600.2180]
NtmsSvc = C:\WINDOWS\system32\ntmssvc.dll [Microsoft Corporation] [435200 5.1.2400.2180]
RasAuto = C:\WINDOWS\System32\rasauto.dll [Microsoft Corporation] [89088 5.1.2600.2180]
RasMan = C:\WINDOWS\System32\rasmans.dll [Microsoft Corporation] [181248 5.1.2600.2936]
RemoteAccess = C:\WINDOWS\System32\mprdim.dll [Microsoft Corporation] [49152 5.1.2600.0]
RpcSs = C:\WINDOWS\system32\rpcss.dll [Microsoft Corporation] [397824 5.1.2600.2726]
Schedule = C:\WINDOWS\system32\schedsvc.dll [Microsoft Corporation] [190976 5.1.2600.2180]
seclogon = C:\WINDOWS\System32\seclogon.dll [Microsoft Corporation] [18944 5.1.2600.2180]
SENS = C:\WINDOWS\system32\sens.dll [Microsoft Corporation] [38912 5.1.2600.2180]
SharedAccess = C:\WINDOWS\System32\ipnathlp.dll [Microsoft Corporation] [331264 5.1.2600.2180]
ShellHWDetection = C:\WINDOWS\System32\shsvcs.dll [Microsoft Corporation] [134656 6.0.2900.3051]
srservice = C:\WINDOWS\System32\srsvc.dll [Microsoft Corporation] [170496 5.1.2600.2180]
SSDPSRV = C:\WINDOWS\System32\ssdpsrv.dll [Microsoft Corporation] [71680 5.1.2600.2180]
stisvc = C:\WINDOWS\system32\wiaservc.dll [Microsoft Corporation] [333824 5.1.2600.3051]
TapiSrv = C:\WINDOWS\System32\tapisrv.dll [Microsoft Corporation] [249344 5.1.2600.2716]
TermService = C:\WINDOWS\System32\termsrv.dll [Microsoft Corporation] [295424 5.1.2600.2180]
Themes = C:\WINDOWS\System32\shsvcs.dll [Microsoft Corporation] [134656 6.0.2900.3051]
TrkWks = C:\WINDOWS\system32\trkwks.dll [Microsoft Corporation] [90624 5.1.2600.2180]
upnphost = C:\WINDOWS\System32\upnphost.dll [Microsoft Corporation] [185344 5.1.2600.2180]
usnsvc = C:\Program Files\MSN Messenger\usnsvc.dll [Microsoft Corporation] [117544 8.0.812.0]
W32Time = C:\WINDOWS\System32\w32time.dll [Microsoft Corporation] [174592 5.1.2600.2180]
WebClient = C:\WINDOWS\System32\webclnt.dll [Microsoft Corporation] [68096 5.1.2600.2821]
winmgmt = C:\WINDOWS\system32\wbem\WMIsvc.dll [Microsoft Corporation] [144896 5.1.2600.2180]
WmdmPmSN = C:\WINDOWS\system32\MsPMSNSv.dll [Microsoft Corporation] [27136 11.0.5721.5145]
wscsvc = C:\WINDOWS\system32\wscsvc.dll [Microsoft Corporation] [81408 5.1.2600.2180]
wuauserv = C:\WINDOWS\System32\wuauserv.dll [Microsoft Corporation] [6656 5.4.3790.2180]
WudfSvc = C:\WINDOWS\System32\WUDFSvc.dll [Microsoft Corporation] [55808 6.0.5716.32]
WZCSVC = C:\WINDOWS\System32\wzcsvc.dll [Microsoft Corporation] [359936 5.1.2600.2180]
xmlprov = C:\WINDOWS\System32\xmlprov.dll [Microsoft Corporation] [129536 5.1.2600.2180]

====================LSPs====================
Provider Name :MSAFD Tcpip [TCP/IP]
Protocol ID :e70f1aa0-ab8b-11cf-8ca3-00805f48a192
Protocol :IPPROTO_TCP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_STREAM
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD Tcpip [UDP/IP]
Protocol ID :e70f1aa0-ab8b-11cf-8ca3-00805f48a192
Protocol :IPPROTO_UDP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD Tcpip [RAW/IP]
Protocol ID :e70f1aa0-ab8b-11cf-8ca3-00805f48a192
Protocol :IPPROTO_IP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_RAW
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :RSVP UDP Service Provider
Protocol ID :9d60a9e0-337a-11d0-bd88-0000c082e69a
Protocol :IPPROTO_UDP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\rsvpsp.dll

Provider Name :RSVP TCP Service Provider
Protocol ID :9d60a9e0-337a-11d0-bd88-0000c082e69a
Protocol :IPPROTO_TCP
LSP Type :Base LSP
Address Family :AF_INET
Socket Type :SOCK_STREAM
DLL Path :%SystemRoot%\system32\rsvpsp.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{54C63FF6-91D6-4769-92C3-EF81C696CE5E}] SEQPACKET 3
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{54C63FF6-91D6-4769-92C3-EF81C696CE5E}] DATAGRAM 3
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{EBFB1ED3-1A56-48DF-B40C-67B26B169485}] SEQPACKET 0
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{EBFB1ED3-1A56-48DF-B40C-67B26B169485}] DATAGRAM 0
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{7837D886-892D-44DB-B03C-4CD4669F9D02}] SEQPACKET 1
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{7837D886-892D-44DB-B03C-4CD4669F9D02}] DATAGRAM 1
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7557F06-AF88-4333-8FD3-DE9FA322B87E}] SEQPACKET 2
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_SEQPACKET
DLL Path :%SystemRoot%\system32\mswsock.dll

Provider Name :MSAFD NetBIOS [\Device\NetBT_Tcpip_{B7557F06-AF88-4333-8FD3-DE9FA322B87E}] DATAGRAM 2
Protocol ID :8d5f1830-c273-11cf-95c8-00805f48a192
Protocol :Unknown
LSP Type :Base LSP
Address Family :AF_NETBIOS
Socket Type :SOCK_DGRAM
DLL Path :%SystemRoot%\system32\mswsock.dll


====================Auto-Run====================
Auto-Run : HKCU\Run\MsnMsgr=C:\Program Files\MSN Messenger\MsnMsgr.Exe=[Microsoft Corporation]=[5354792=8.0.812.0]
Auto-Run : HKCU\Run\ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe=[Microsoft Corporation]=[15360=5.1.2600.2180]
Auto-Run : HKLM\Run\BCMSMMSG=BCMSMMSG.exe=[Broadcom Corporation]=[122880=3.5.25.0]
Auto-Run : HKLM\Run\NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup=[Microsoft Corporation]=[33280=5.1.2600.2180]
Auto-Run : HKLM\Run\dla=C:\WINDOWS\system32\dla\tfswctrl.exe=[Sonic Solutions]=[114741=1.4.5.1]
Auto-Run : HKLM\Run\StorageGuard=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe=[Sonic Solutions]=[155648=1.1.11.0]
Auto-Run : HKLM\Run\Picasa Media Detector=C:\Program Files\Picasa2\PicasaMediaDetector.exe=[Google Inc.]=[366400=2.6.35.97]
Auto-Run : HKLM\Run\KernelFaultCheck=%systemroot%\system32\dumprep 0 -k=[]=[0=0.0.0.0]
Auto-Run : HKLM\Run\QuickTime Task=C:\Program Files\QuickTime\qttask.exe=[Apple Computer, Inc.]=[282624=7.1.5.120]
Auto-Run : HKLM\Run\iTunesHelper=C:\Program Files\iTunes\iTunesHelper.exe=[Apple Inc.]=[257088=7.1.0.59]
Auto-Run : HKLM\RunOnceEx\==[]=[0=0.0.0.0]
Auto-Run : HKLM\Policies\Run\rare=C:\Program Files\Video Access ActiveX Object\pmsnrr.exe=[]=[33280=0.0.0.0]
Auto-Run : HKLM\Policies\Run\user32.dll=C:\Program Files\Video Access ActiveX Object\isamntr.exe=[]=[36864=0.0.0.0]
Auto-Run : HKLM\Winlogon\shell=Explorer.exe=[Microsoft Corporation]=[1032192=6.0.2900.2180]
Auto-Run : HKLM\Winlogon\userinit=C:\WINDOWS\system32\userinit.exe,=[Microsoft Corporation]=[24576=5.1.2600.2180]
Auto-Run : HKLM\Winlogon\UIHost=logonui.exe=[Microsoft Corporation]=[514560=6.0.2900.2180]
Auto-Run : HKCU\NT\Windows\Load==[]=[0=0.0.0.0]
Auto-Run : HKLM\ShellService\PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}:C:\WINDOWS\system32\SHELL32.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\ShellService\CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}:C:\WINDOWS\system32\SHELL32.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\ShellService\WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}:C:\WINDOWS\system32\webcheck.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\ShellService\SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}:C:\WINDOWS\System32\stobject.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\ShellService\WPDShServiceObj={AAA288BA-9A4C-45B0-95D7-94D524869DB5}:C:\WINDOWS\system32\WPDShServiceObj.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\SharedTask\{438755C2-A8BA-11D1-B96B-00A0C90312E1}=Browseui preloader:C:\WINDOWS\System32\browseui.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\SharedTask\{8C7461EF-2B13-11d2-BE35-3078302C2030}=Component Categories cache daemon:C:\WINDOWS\System32\browseui.dll=[]=[0=0.0.0.0]
Auto-Run : HKLM\Session\BootExecute=autocheck autochk *=[]=[0=0.0.0.0]
Auto-Run : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

====================System Restrictions====================
System Restriction :
====================IE Pages====================
IE Page :SearchURL=http://www.google.com
IE Page :Start Page=http://www.yahoo.com/
IE Page :Search Bar=http://www.google.com/ie
IE Page :Search Page=http://www.google.com
IE Page :SearchAssistant=http://www.google.com
IE Page :Start Page=http://go.microsoft.com/fwlink/?LinkId=69157
IE Page :CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

====================IE Url Prefix====================
IE UrlPrefix :DefaultPrefix=http://
IE UrlPrefix :ftp=ftp://
IE UrlPrefix :gopher=gopher://
IE UrlPrefix :home=http://
IE UrlPrefix :mosaic=http://
IE UrlPrefix :www=http://

====================IE UrlSearchHook====================
IE UrlSearchHook(HKCU) :{CFBFAE00-17A6-11D0-99CB-00C04FD64497}=C:\WINDOWS\system32\ieframe.dll
IE UrlSearchHook(HKLM) :{CFBFAE00-17A6-11D0-99CB-00C04FD64497}=C:\WINDOWS\system32\ieframe.dll

====================IE BHO && Toolbar====================
IE BHO : {02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll=[440384 = 2006.10.26.1]
IE BHO : {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}==[440384 = 2006.10.26.1]
IE BHO : {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll=[440056 = 5.0.110.3]
IE BHO : {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll=[324416 = 4.0.249.1]
IE BHO : {A6ACAE64-F798-4930-AD86-BD3FB32038DB}=C:\Program Files\Video Access ActiveX Object\isadd.dll=[16896 = 0.0.0.0]
IE Toolbar : {EF99BD32-C1FB-11D2-892F-0090271D4F88}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll=[440384 = 0.10.26.1]

====================Protocol Filter====================
Protocol Filter : Class Install Handler={32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}=C:\WINDOWS\system32\urlmon.dll=[1149952 = 7.0.6000.16414]
Protocol Filter : deflate={8f6b0360-b80d-11d0-a9b3-006097942311}=C:\WINDOWS\system32\urlmon.dll=[1149952 = 7.0.6000.16414]
Protocol Filter : gzip={8f6b0360-b80d-11d0-a9b3-006097942311}=C:\WINDOWS\system32\urlmon.dll=[1149952 = 7.0.6000.16414]
Protocol Filter : lzdhtml={8f6b0360-b80d-11d0-a9b3-006097942311}=C:\WINDOWS\system32\urlmon.dll=[1149952 = 7.0.6000.16414]
Protocol Filter : text/webviewhtml={733AC4CB-F1A4-11d0-B951-00A0C90312E1}=C:\WINDOWS\system32\SHELL32.dll=[8453632 = 6.0.2900.3051]

====================Notify Dlls====================
Notify Dll : crypt32chain=crypt32.dll=[-1 = 5.131.2600.2180]
Notify Dll : cryptnet=cryptnet.dll=[-1 = 5.131.2600.2180]
Notify Dll : cscdll=cscdll.dll=[-1 = 5.1.2600.2180]
Notify Dll : ScCertProp=wlnotify.dll=[-1 = 5.1.2600.2180]
Notify Dll : Schedule=wlnotify.dll=[-1 = 5.1.2600.2180]
Notify Dll : sclgntfy=sclgntfy.dll=[-1 = 5.1.2600.2180]
Notify Dll : SensLogn=WlNotify.dll=[-1 = 5.1.2600.2180]
Notify Dll : termsrv=wlnotify.dll=[-1 = 5.1.2600.2180]
Notify Dll : WgaLogon=WgaLogon.dll=[-1 = 1.7.17.0]
Notify Dll : wlballoon=wlnotify.dll=[-1 = 5.1.2600.2180]

====================Shell Extensions====================
Shell Extension : {42071714-76d4-11d1-8b24-00a0c9068ff3}=C:\WINDOWS\system32\deskpan.dll=[=-1 = 0.0.0.0]
Shell Extension : {764BF0E1-F219-11ce-972D-00AA00A14F56}==[=-1 = 0.0.0.0]
Shell Extension : {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}==[=-1 = 0.0.0.0]
Shell Extension : {88895560-9AA2-1069-930E-00AA0030EBC8}=C:\WINDOWS\System32\hticons.dll=[Hilgraeve, Inc.=44544 = 5.1.2600.0]
Shell Extension : {0DF44EAA-FF21-4412-828E-260A8728E7F1}==[=-1 = 0.0.0.0]
Shell Extension : {32683183-48a0-441b-a342-7c2a440a9478}==[=-1 = 0.0.0.0]
Shell Extension : {7A9D77BD-5403-11d2-8785-2E0420524153}==[=-1 = 0.0.0.0]
Shell Extension : {acb4a560-3606-11d3-aef4-00104bd0f92d}=C:\Program Files\Common Files\Kodak\ifscore\KodakShX.dll=[Eastman Kodak Company=183296 = 2.0.2300.3]
Shell Extension : {DEE12703-6333-4D4E-8F34-738C4DCC2E04}=C:\Program Files\Sonic\RecordNow!\shlext.dll=[Sonic Solutions=77824 = 1.0.0.1]
Shell Extension : {5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll=[Sonic Solutions=106548 = 1.4.5.1]
Shell Extension : {880E1C60-DBEB-11D3-A4C4-A58C7193AA36}=C:\PROGRA~1\CYBERS~1\cybshell.dll=[CyberScrub LLC=136192 = 4.0.0.110]
Shell Extension : {10F0C2A9-8E38-43E1-204D-45524C494E20}==[=-1 = 0.0.0.0]
Shell Extension : {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}=C:\Program Files\iTunes\iTunesMiniPlayer.dll=[Apple Inc.=132672 = 7.1.0.59]

====================Shell Extension Hooks====================
{AEB6717E-7E19-11d0-97EE-00C04FD91972}=shell32.dll=[Microsoft Corporation=-1 = 6.0.2900.3051]

====================Explorer Bars====================
Explorer Bar : {4D5C8C25-D075-11d0-B416-00C04FB90376} = C:\WINDOWS\System32\shdocvw.dll=[Microsoft Corporation=1497600 6.0.2900.3020]

====================Folder Dlls====================
Folder Dll : {0D2E74C4-3C34-11d2-A27E-00C04FC30871}=C:\WINDOWS\system32\SHELL32.dll=[Microsoft Corporation=8453632 6.0.2900.3051]
Folder Dll : {24F14F01-7B1C-11d1-838f-0000F80461CF}=C:\WINDOWS\system32\SHELL32.dll=[Microsoft Corporation=8453632 6.0.2900.3051]
Folder Dll : {24F14F02-7B1C-11d1-838f-0000F80461CF}=C:\WINDOWS\system32\SHELL32.dll=[Microsoft Corporation=8453632 6.0.2900.3051]
Folder Dll : {66742402-F9B9-11D1-A202-0000F81FEDEE}=C:\WINDOWS\system32\SHELL32.dll=[Microsoft Corporation=8453632 6.0.2900.3051]
Folder Dll : {F9DB5320-233E-11D1-9F84-707F02C10627}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll=[Adobe Systems, Inc.=372736 8.0.0.0]

====================File Associations====================


====================Proxy Settings====================
Proxy Settings : ProxyEnable = [No] ProxyServer = []

====================Name Server====================
Name Server : {54C63FF6-91D6-4769-92C3-EF81C696CE5E}=85.255.115.34,85.255.112.112
Name Server : {7837D886-892D-44DB-B03C-4CD4669F9D02}=
Name Server : {EBFB1ED3-1A56-48DF-B40C-67B26B169485}=85.255.115.34,85.255.112.112

====================Ext Dlls====================


====================Security Sites====================

====================Security Providers====================
Security Providers : CS001 = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Security Providers : CCS = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

====================Other Dlls====================

{3050F406-98B5-11CF-BB82-00AA00BDCE0B}=C:\WINDOWS\system32\mshtml.dll


 
Moderator
Level: 10
Joined: 2/9/2007 4:58:45 PM
Hi Newcup,

This is a new variant of the Wzor virus. Please follow the instructions below to remove it; you can choose manual removal or automatic removal.

Manual Removal
1. Exit all IE windows
2. Launch Adware Away
3. Click "Scan"
4. After the scan is finished, check "Show me the scan result, I know how to fix it"
5. Click "Next"
6. Check these items to remove (just double-click on the item)


Running Process : C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
Running Process : C:\Program Files\Video Access ActiveX Object\isamntr.exe
Running Process : C:\Program Files\Video Access ActiveX Object\pmmnt.exe
Running Process : C:\Program Files\Video Access ActiveX Object\isamini.exe
Auto-Run : HKLM\Policies\Run\rare=C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
Auto-Run : HKLM\Policies\Run\user32.dll=C:\Program Files\Video Access ActiveX Object\isamntr.exe
IE BHO : {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=
IE BHO : {A6ACAE64-F798-4930-AD86-BD3FB32038DB}=C:\Program Files\Video Access ActiveX Object\isadd.dll


7. Click "Fix all checked"
8. Delete this folder and all files in it:

C:\Program Files\Video Access ActiveX Object

Automatic Removal
1. Update Adware Away Reference files
2. After the update is finished, launch Adware Away
3. Click "Scan"
4. After the scan is finished, click "Next"
5. Click "Specialized Remover" in left panel
6. Click "Next"
7. After it is finished, the hijacker will be completely removed.
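
An added example, not part of the original thread and not Adware Away's own detection logic: a small triage script showing how the entries in the manual-removal checklist above can be picked out of a log in this format. The heuristic is an assumption chosen to fit this log (an Auto-Run target that resolved to a real file yet carries no vendor and version 0.0.0.0, anything else living in that file's folder, and any BHO registered with an empty DLL path); the names `triage` and `SAMPLE_LOG` are hypothetical.

```python
import ntpath
import re

# Constructed sample: lines copied from the log posted in this thread,
# trimmed to a few clean and a few flagged entries per section.
SAMPLE_LOG = r"""
Running Process : C:\WINDOWS\system32\ctfmon.exe
Running Process : C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
Running Process : C:\Program Files\Video Access ActiveX Object\isamntr.exe
Running Process : C:\Program Files\QuickTime\qttask.exe
Running Process : C:\Program Files\Video Access ActiveX Object\pmmnt.exe
Running Process : C:\Program Files\Video Access ActiveX Object\isamini.exe
Auto-Run : HKLM\Run\QuickTime Task=C:\Program Files\QuickTime\qttask.exe=[Apple Computer, Inc.]=[282624=7.1.5.120]
Auto-Run : HKLM\Run\KernelFaultCheck=%systemroot%\system32\dumprep 0 -k=[]=[0=0.0.0.0]
Auto-Run : HKLM\Policies\Run\rare=C:\Program Files\Video Access ActiveX Object\pmsnrr.exe=[]=[33280=0.0.0.0]
Auto-Run : HKLM\Policies\Run\user32.dll=C:\Program Files\Video Access ActiveX Object\isamntr.exe=[]=[36864=0.0.0.0]
IE BHO : {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll=[440056 = 5.0.110.3]
IE BHO : {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}==[440384 = 2006.10.26.1]
IE BHO : {A6ACAE64-F798-4930-AD86-BD3FB32038DB}=C:\Program Files\Video Access ActiveX Object\isadd.dll=[16896 = 0.0.0.0]
"""

# Auto-Run : <key>=<target>=[<vendor>]=[<size>=<version>]
AUTORUN = re.compile(
    r"^Auto-Run : (?P<key>[^=]+)=(?P<target>.*)"
    r"=\[(?P<vendor>[^\]]*)\]=\[(?P<size>-?\d+)=(?P<version>[\d.]+)\]$")
# IE BHO : {CLSID}=<dll path>=[<size> = <version>]
BHO = re.compile(
    r"^IE BHO : (?P<clsid>\{[0-9A-Fa-f-]+\})=(?P<path>.*)=\[-?\d+ = [\d.]+\]$")
PROC = re.compile(r"^Running Process : (?P<path>.+)$")


def _unattributed(m):
    """True when the file was found (size > 0) but has no vendor/version info.

    Size 0 means the scanner never resolved the target, so those entries
    (e.g. KernelFaultCheck in this log) are not treated as suspicious.
    """
    return (m["vendor"] == "" and m["version"] == "0.0.0.0"
            and int(m["size"]) > 0)


def triage(log_text):
    """Return (section, item, reason) tuples for entries worth reviewing."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]

    # Pass 1: folders that hold an unattributed auto-start executable.
    suspect_dirs = set()
    for ln in lines:
        m = AUTORUN.match(ln)
        if m and _unattributed(m):
            folder = ntpath.dirname(m["target"]).lower()
            if folder:
                suspect_dirs.add(folder)

    # Pass 2: report those autoruns plus everything else tied to the folders.
    findings = []
    for ln in lines:
        if (m := AUTORUN.match(ln)):
            if _unattributed(m):
                findings.append(("Auto-Run", f'{m["key"]}={m["target"]}',
                                 "resolved file with no vendor or version"))
        elif (m := BHO.match(ln)):
            item = f'{m["clsid"]}={m["path"]}'
            if not m["path"]:
                findings.append(("IE BHO", item, "registered with no DLL path"))
            elif ntpath.dirname(m["path"]).lower() in suspect_dirs:
                findings.append(("IE BHO", item, "DLL in a flagged folder"))
        elif (m := PROC.match(ln)):
            if ntpath.dirname(m["path"]).lower() in suspect_dirs:
                findings.append(("Running Process", m["path"],
                                 "running from a flagged folder"))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"{section} : {item}  <- {reason}")
```
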




 
General User
Level: 1
Joined: 3/13/2007 11:10:08 AM
Hi Bruce, it worked like a charm. I used the automatic removal; in just a few seconds, the hijacker was gone and my homepage is back to Yahoo. Thank you for your quick reply and excellent support service. Keep up the good job.

 
Copyright © 2004 - F.Y.N. Technology Inc.