Win32.explorerhijack
A few days ago I was downloading some videos, and the next day I received some messages from my anti-virus program saying something about win32.explorerhijack. Can anyone tell me what that is? And does anyone know how to get rid of it? I am very bad with computers and I had no idea what to do with this. Please help! Thanks.
Comments
Download: http://subs.geekstogo.com/ComboFix.exe and save it on your Desktop.
How to: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Post here the log.
Here is the log. Also, what are trojan.injector and trojan.generic? They are shown on the warning from my anti-virus program.
ComboFix 08-09-22.06 - duy tran 2008-09-23 19:26:16.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.898 [GMT -5:00]
Running from: C:\Users\duy tran\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\duy tran\AppData\Roaming\Install.dat
.
((((((((((((((((((((((((( Files Created from 2008-08-24 to 2008-09-24 )))))))))))))))))))))))))))))))
.
2008-09-23 18:21 . 2008-09-23 18:21 <DIR> d-------- C:\Users\duy tran\AppData\Roaming\Malwarebytes
2008-09-23 18:21 . 2008-09-23 18:21 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-23 18:21 . 2008-09-23 18:21 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-23 18:21 . 2008-09-23 18:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-23 18:21 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-09-23 18:21 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-09-21 20:52 . 2008-09-23 13:30 47,104 --a------ C:\Windows\System32\rpcnet.dll
2008-09-17 19:49 . 2008-07-19 00:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-09-17 19:49 . 2008-07-18 22:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-09-17 19:49 . 2008-07-19 00:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-09-17 19:49 . 2008-07-19 00:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-09-17 19:48 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-09-17 19:48 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-09-09 14:39 . 2008-07-30 20:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 14:39 . 2008-08-01 20:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 14:39 . 2008-06-25 22:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 14:39 . 2008-06-25 22:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 14:39 . 2008-05-08 14:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 14:39 . 2008-05-19 21:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 14:39 . 2008-06-25 22:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 14:39 . 2008-08-01 22:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-09 14:39 . 2008-07-30 22:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-08-24 14:54 . 2008-09-02 22:11 <DIR> d-------- C:\Windows\Downloaded Installations
2008-08-24 13:32 . 2008-08-24 13:33 <DIR> d-------- C:\Users\duy tran\AppData\Roaming\Media Player Classic
2008-08-24 13:32 . 2008-08-24 13:32 <DIR> d-------- C:\Users\duy tran\AppData\Roaming\DivX
2008-08-24 13:09 . 2008-08-24 13:36 <DIR> d-------- C:\Program Files\VideoLAN
2008-08-24 12:52 . 2008-08-24 12:52 <DIR> d-------- C:\Users\duy tran\AppData\Roaming\Yahoo!
2008-08-24 12:52 . 2008-08-24 14:13 <DIR> d-------- C:\Program Files\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-23 18:33 17,408 ----a-w C:\Windows\System32\rpcnetp.exe
2008-09-18 18:00 47,104 ----a-w C:\Windows\System32\rpcnet.exe
2008-09-18 18:00 47,104 ----a-w C:\Windows\System32\_pz_rpcnet.dll
2008-09-12 17:56 17,408 ----a-w C:\Windows\System32\rpcnetp.dll
2008-09-12 17:56 --------- d-----w C:\Program Files\McAfee
2008-09-03 03:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 17:53 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-08-21 00:44 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-21 00:43 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-21 00:39 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-08-21 00:35 717,296 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-08-21 00:35 --------- d-----w C:\Users\duy tran\AppData\Roaming\DAEMON Tools
2008-08-20 04:27 --------- d-----w C:\Users\duy tran\AppData\Roaming\Roxio
2008-08-20 04:27 --------- d-----w C:\ProgramData\Roxio
2008-08-20 01:08 --------- d-----w C:\Program Files\MSECache
2008-08-16 18:30 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 02:48 --------- d-----w C:\Users\duy tran\AppData\Roaming\EstSoft
2008-08-13 02:48 --------- d-----w C:\Program Files\ESTsoft
2008-08-05 22:02 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-29 04:27 --------- d-----w C:\Program Files\Google
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-14 13:40 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-14 13:40 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-14 13:40 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-14 13:40 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-14 13:40 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-14 13:40 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-14 13:40 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-14 13:40 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-14 13:40 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-14 13:40 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-07-14 13:40 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-14 13:40 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-14 68856]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-20 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-20 1008184]
"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2008-02-28 17920]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2008-05-04 167936]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-14 29744]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"ALYac"="C:\Program Files\ESTsoft\ALYac\AYUpdate.exe" [2008-01-11 79304]
C:\Users\duy tran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2008-05-13 1058088]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-07-14 50688]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2008-02-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-14 06:16 10536 C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BC50E451-23AA-48D0-806B-F493E3F1B440}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{1268E7F5-4963-4298-8073-3F518721719C}"= C:\Program Files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{E9E6DF6C-D774-41F2-BA99-1A133D6B4E1F}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{2FB26020-731F-42DB-B3D2-1E8495AFB733}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{C67E1573-E739-4D73-9393-0E873398113D}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{017162E1-1509-4EB3-86ED-ACE46AF06E48}"= UDP:9420:Akamai Network Manager
"{93259CAE-841F-4460-A16A-ECDCAFC4A212}"= TCP:5000:Akamai Network Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-11-12 73728]
R2 ALYac_PZSrv;ALYac_PZSrv;C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye [2008-07-11 751048]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]
R3 AYDrvNT_ALYAC;AYDrvNT_ALYAC;C:\Program Files\ESTsoft\ALYac\AYDrvNT.sys [2008-03-18 14792]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-09-29 278528]
S3 GoToAssist;GoToAssist;C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe Start=service [ ]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5310d460-6f19-11dd-822a-001d095a3a65}]
\shell\AutoRun\command - F:\setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PCD5SRVC{3F6A8B78-EC003E00-05040000}
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\duy tran\AppData\Roaming\Mozilla\Firefox\Profiles\ipz52ijt.default\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-23 19:28:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-23 19:29:56
ComboFix-quarantined-files.txt 2008-09-24 00:29:39
Pre-Run: 74,592,477,184 bytes free
Post-Run: 74,935,214,080 bytes free
204 --- E O F --- 2008-09-18 22:37:00
Post here a HijackThis log!
Instructions: http://forum.bitdefender.com/index.php?showtopic=56680