Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

I think I may be infected with virus or spyware, please help

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby anubissx » January 9th, 2007, 6:38 am

Hi, after some days passed, I noticed something:
-My laptop connection to the internet is slow, both on wireless and on cable
-It has some error, like "line 63 Error:"length is null or not an object" some thing like this when I start up my laptop
Also, AVG pick up something like Virus found exploit about my firefox web browser, something about profile
C:\document and setting\end user\Local setting\application data\mozilla\firefox\profile...
I have quarantine the files, after that i got the error above and somehow I think my laptop run a little slow (maybe just my imagination)
Anyway, is this the sign of a new virus or malware or something?
Thanks, have a nice day
anubissx
Active Member
 
Posts: 13
Joined: January 3rd, 2007, 11:41 am
Advertisement
Register to Remove

Unread postby Trogan » January 9th, 2007, 9:00 pm

Does the Error happen each time on startup or was it just the once?

Lets run another tool...

1. Download this file to your Desktop - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby anubissx » January 9th, 2007, 11:19 pm

I did as you said so here is the log from combofix
End User - 07-01-10 10:13:37.42 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Downloads"

((((((((((((((((((((((((((((((( Files Created from 2006-12-10 to 2007-01-10 ))))))))))))))))))))))))))))))))))


2007-01-06 22:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-06 20:33 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-06 19:50 <DIR> d-------- C:\Program Files\Java
2007-01-06 19:50 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-05 23:01 <DIR> dr-h----- C:\Documents and Settings\End User\Recent
2007-01-04 12:14 32,149 --a------ C:\WINDOWS\system32\drivers\BkavAuto.sys
2007-01-04 12:14 1,502,534 --a------ C:\WINDOWS\system32\drivers\SysLib.sys
2007-01-04 12:14 <DIR> d-------- C:\Program Files\Bkav2006
2007-01-04 11:00 278,419 -rahs---- C:\WINDOWS\system32\nhatquanglan9.exe
2007-01-04 10:27 <DIR> d-------- C:\Program Files\Hijackthis
2006-12-24 17:29 <DIR> d-------- C:\Documents and Settings\End User\WLANProfiles
2006-12-24 12:47 <DIR> d-------- C:\Program Files\FLVPlayer
2006-12-21 09:53 <DIR> d-------- C:\Program Files\Cabal_GSP


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-10 10:13 -------- d-------- C:\Program Files\FlashGet
2007-01-10 09:52 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-10 08:25 -------- d-------- C:\Documents and Settings\End User\Application Data\AVG7
2007-01-09 17:25 -------- d---s---- C:\Documents and Settings\End User\Application Data\Microsoft
2007-01-07 00:10 -------- d-------- C:\Program Files\Wireless Console 2
2007-01-07 00:10 -------- d-------- C:\Program Files\Windows Media Player
2007-01-07 00:09 -------- d-------- C:\Program Files\LClock
2007-01-07 00:08 -------- d-------- C:\Program Files\Internet Explorer
2007-01-07 00:05 -------- d-------- C:\Program Files\Common Files\Stardock
2007-01-07 00:04 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-01-06 20:33 -------- d-------- C:\Program Files\Grisoft
2007-01-06 19:50 -------- d-------- C:\Program Files\Common Files
2007-01-05 22:40 -------- d-------- C:\Documents and Settings\End User\Application Data\Skype
2007-01-04 11:20 96256 --a------ C:\WINDOWS\system32\drivers\sptd5693.sys
2006-12-17 01:43 -------- d-------- C:\Program Files\Outlook Express
2006-12-17 01:43 -------- d-------- C:\Program Files\Common Files\System
2006-12-16 19:26 -------- d-------- C:\Program Files\VinaGame
2006-12-07 09:50 -------- d-------- C:\Program Files\Electronic Arts
2006-12-06 11:39 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-12-05 15:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-02 21:33 -------- d-------- C:\Program Files\Guild Wars
2006-11-19 23:19 -------- dr-h----- C:\Documents and Settings\End User\Application Data\yahoo!
2006-11-17 14:07 -------- d-------- C:\Program Files\THQ
2006-11-17 11:27 -------- d-------- C:\Program Files\MSECache
2006-11-16 10:31 -------- d-------- C:\Program Files\SEGA
2006-11-14 01:44 -------- d-------- C:\Documents and Settings\End User\Application Data\Talkback
2006-11-13 11:26 -------- d-------- C:\Program Files\Microsoft Office
2006-11-13 11:26 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-13 10:46 -------- d-------- C:\Program Files\Microsoft Works
2006-11-13 10:45 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-11-13 00:54 -------- d-------- C:\Program Files\UniKey
2006-11-13 00:54 -------- d-------- C:\Documents and Settings\End User\Application Data\Help
2006-11-08 12:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-06 10:17 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-28 00:57 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-27 15:09 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\FM20.DLL
2006-10-26 13:45 293376 --a------ C:\WINDOWS\system32\WISPTIS.EXE
2006-10-26 13:45 207360 --a------ C:\WINDOWS\system32\INKED.DLL
2006-10-19 20:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --a------ C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --a------ C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --a------ C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --a------ C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --a------ C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --a------ C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --a------ C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --a------ C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --a------ C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --a------ C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --a------ C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --a------ C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --a------ C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --a------ C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --a------ C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --a------ C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --a------ C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --a------ C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --a------ C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --a------ C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --a------ C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 19:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 23:24 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 23:24 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 23:24 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 23:24 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 23:24 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 23:24 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"ATKMEDIA"="C:\\Program Files\\ASUS\\ATK Media\\DMEDIA.EXE"
"Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
"ACMON"="C:\\Program Files\\ASUS\\Splendid\\ACMON.exe"
"Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe"
"ABLKSR"="C:\\WINDOWS\\ABLKSR\\ABLKSR.exe"
"SMSERIAL"="sm56hlpr.exe"
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f3,01,00,00,bb,00,00,00,7a,00,00,00,70,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"Yahoo Messengger"="C:\\WINDOWS\\system32\\SVIICHOST.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"Yahoo Messengger"="C:\\WINDOWS\\system32\\SVIICHOST.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NofolderOptions"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NofolderOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AutoCAD Startup Accelerator.lnk"
"backup"="C:\\WINDOWS\\pss\\AutoCAD Startup Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\AUTODE~1\\ACSTAR~1.EXE "
"item"="AutoCAD Startup Accelerator"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALU"
"hkey"="HKLM"
"command"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VisualToolTip"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VIPv3\\VIPtooltip\\VisualToolTip.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job

Completion time: 07-01-10 10:14:09.42
C:\ComboFix.txt ... 07-01-10 10:14

About the virus with firefox I said above, AVG anti-virus keep detected this virus, is it truly a virus or something else?
Thank for the help, have a nice day
anubissx
Active Member
 
Posts: 13
Joined: January 3rd, 2007, 11:41 am

Unread postby Trogan » January 10th, 2007, 3:42 am

Hi anubissx!

About the virus with firefox I said above, AVG anti-virus keep detected this virus, is it truly a virus or something else?

I can't say for sure if it was a Virus. Do you remember what AVG detected it as? What name? Let me know in your next reply
________________________

This file did not get deleted as it is showing in your ComboFix log.

C:\WINDOWS\system32\nhatquanglan9.exe

Lets try deleting it with another tool...

Please download Killbox and save it to your desktop.

Next, copy everything in the Quote box below by pressing Ctrl+C
C:\WINDOWS\system32\nhatquanglan9.exe

Next, open Killbox
Go to File tab and select Paste from Clipboard
Select the Delete on Reboot option
Select Single File
Now click on the Red Circle with the White X
Press Yes to reboot your computer.

After the computer has rebooted, run ComboFix again. It will produce a new log. Please post the here and answer the questions above.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby anubissx » January 10th, 2007, 4:31 am

Here is the new combofix log
End User - 07-01-10 15:25:20.43 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Downloads"

((((((((((((((((((((((((((((((( Files Created from 2006-12-10 to 2007-01-10 ))))))))))))))))))))))))))))))))))


2007-01-10 15:22 <DIR> d-------- C:\!KillBox
2007-01-10 13:20 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-06 22:36 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-06 20:33 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-06 19:50 <DIR> d-------- C:\Program Files\Java
2007-01-06 19:50 <DIR> d-------- C:\Program Files\Common Files\Java
2007-01-05 23:01 <DIR> dr-h----- C:\Documents and Settings\End User\Recent
2007-01-04 12:14 32,149 --a------ C:\WINDOWS\system32\drivers\BkavAuto.sys
2007-01-04 12:14 1,502,534 --a------ C:\WINDOWS\system32\drivers\SysLib.sys
2007-01-04 12:14 <DIR> d-------- C:\Program Files\Bkav2006
2007-01-04 10:27 <DIR> d-------- C:\Program Files\Hijackthis
2006-12-24 17:29 <DIR> d-------- C:\Documents and Settings\End User\WLANProfiles
2006-12-24 12:47 <DIR> d-------- C:\Program Files\FLVPlayer
2006-12-21 09:53 <DIR> d-------- C:\Program Files\Cabal_GSP


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-10 15:23 -------- d-------- C:\Program Files\FlashGet
2007-01-10 15:21 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-10 08:25 -------- d-------- C:\Documents and Settings\End User\Application Data\AVG7
2007-01-09 17:25 -------- d---s---- C:\Documents and Settings\End User\Application Data\Microsoft
2007-01-07 00:10 -------- d-------- C:\Program Files\Wireless Console 2
2007-01-07 00:10 -------- d-------- C:\Program Files\Windows Media Player
2007-01-07 00:09 -------- d-------- C:\Program Files\LClock
2007-01-07 00:08 -------- d-------- C:\Program Files\Internet Explorer
2007-01-07 00:05 -------- d-------- C:\Program Files\Common Files\Stardock
2007-01-07 00:04 -------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-01-06 20:33 -------- d-------- C:\Program Files\Grisoft
2007-01-06 19:50 -------- d-------- C:\Program Files\Common Files
2007-01-05 22:40 -------- d-------- C:\Documents and Settings\End User\Application Data\Skype
2007-01-04 11:20 96256 --a------ C:\WINDOWS\system32\drivers\sptd5693.sys
2006-12-17 01:43 -------- d-------- C:\Program Files\Outlook Express
2006-12-17 01:43 -------- d-------- C:\Program Files\Common Files\System
2006-12-16 19:26 -------- d-------- C:\Program Files\VinaGame
2006-12-07 09:50 -------- d-------- C:\Program Files\Electronic Arts
2006-12-06 11:39 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-12-05 15:48 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-12-02 21:33 -------- d-------- C:\Program Files\Guild Wars
2006-11-19 23:19 -------- dr-h----- C:\Documents and Settings\End User\Application Data\yahoo!
2006-11-17 14:07 -------- d-------- C:\Program Files\THQ
2006-11-17 11:27 -------- d-------- C:\Program Files\MSECache
2006-11-16 10:31 -------- d-------- C:\Program Files\SEGA
2006-11-14 01:44 -------- d-------- C:\Documents and Settings\End User\Application Data\Talkback
2006-11-13 11:26 -------- d-------- C:\Program Files\Microsoft Office
2006-11-13 11:26 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-13 10:46 -------- d-------- C:\Program Files\Microsoft Works
2006-11-13 10:45 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-11-13 00:54 -------- d-------- C:\Program Files\UniKey
2006-11-13 00:54 -------- d-------- C:\Documents and Settings\End User\Application Data\Help
2006-11-08 12:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-06 10:17 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-28 00:57 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-27 15:09 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-26 14:10 33088 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2006-10-26 14:10 1190688 --a------ C:\WINDOWS\system32\FM20.DLL
2006-10-26 13:45 293376 --a------ C:\WINDOWS\system32\WISPTIS.EXE
2006-10-26 13:45 207360 --a------ C:\WINDOWS\system32\INKED.DLL
2006-10-19 20:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --a------ C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --a------ C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --a------ C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --a------ C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --a------ C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --a------ C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --a------ C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --a------ C:\WINDOWS\system32\portabledeviceapi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --a------ C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --a------ C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --a------ C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --a------ C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --a------ C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --a------ C:\WINDOWS\system32\portabledevicetypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --a------ C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --a------ C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --a------ C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --a------ C:\WINDOWS\system32\wpdshserviceobj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --a------ C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --a------ C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --a------ C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --a------ C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --a------ C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --a------ C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --a------ C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --a------ C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --a------ C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --a------ C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 19:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-11 23:24 58880 --a------ C:\WINDOWS\system32\pnrpnsp.dll
2006-10-11 23:24 553984 --a------ C:\WINDOWS\system32\p2psvc.dll
2006-10-11 23:24 313344 --a------ C:\WINDOWS\system32\p2pgraph.dll
2006-10-11 23:24 153088 --a------ C:\WINDOWS\system32\p2p.dll
2006-10-11 23:24 116224 --a------ C:\WINDOWS\system32\p2pnetsh.dll
2006-10-11 23:24 104960 --a------ C:\WINDOWS\system32\p2pgasvc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AWMON"="\"C:\\Program Files\\Lavasoft\\Ad-Aware SE Professional\\Ad-Watch.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HControl"="C:\\WINDOWS\\ATK0100\\HControl.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"RemoteControl"="\"C:\\Program Files\\ASUSTeK\\ASUSDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"EOUApp"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\EOUWiz.exe\""
"ATKMEDIA"="C:\\Program Files\\ASUS\\ATK Media\\DMEDIA.EXE"
"Power_Gear"="C:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe 1"
"ACMON"="C:\\Program Files\\ASUS\\Splendid\\ACMON.exe"
"Wireless Console 2"="C:\\Program Files\\Wireless Console 2\\wcourier.exe"
"ABLKSR"="C:\\WINDOWS\\ABLKSR\\ABLKSR.exe"
"SMSERIAL"="sm56hlpr.exe"
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f3,01,00,00,bb,00,00,00,7a,00,00,00,70,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"Yahoo Messengger"="C:\\WINDOWS\\system32\\SVIICHOST.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
"Yahoo Messengger"="C:\\WINDOWS\\system32\\SVIICHOST.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NofolderOptions"=dword:00000001

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NofolderOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\AutoCAD Startup Accelerator.lnk"
"backup"="C:\\WINDOWS\\pss\\AutoCAD Startup Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\AUTODE~1\\ACSTAR~1.EXE "
"item"="AutoCAD Startup Accelerator"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALU"
"hkey"="HKLM"
"command"="C:\\Program Files\\ASUS\\ASUS Live Update\\ALU.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VisualToolTip"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\VIPv3\\VIPtooltip\\VisualToolTip.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job

Completion time: 07-01-10 15:25:55.20
C:\ComboFix.txt ... 07-01-10 15:25
C:\ComboFix2.txt ... 07-01-10 10:14

As for the name of the virus
Virus name is : Virus found exploit
File name is : 253AEFBCd01,F253AE76d01, F253AEA5d01
I hope this is not a virus.
anubissx
Active Member
 
Posts: 13
Joined: January 3rd, 2007, 11:41 am

Unread postby Trogan » January 10th, 2007, 2:38 pm

I think its fine, but lets check with AVG anti-spyware.

Locate this folder:

C:\document and setting\end user\Local setting\application data\mozilla\firefox\profile

Right-click and select Scan with AVG Anti-Spyware. If nothing is found, then the computer is clean.
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby anubissx » January 10th, 2007, 11:19 pm

I did AVG Anti-Spyware and it find nothing.
Wonder why AVG Virus detected it as virus.
Any way, thank for the help.
If something happen later, can I PM you for help?
Thank again and have a nice day
anubissx
Active Member
 
Posts: 13
Joined: January 3rd, 2007, 11:41 am

Unread postby Trogan » January 11th, 2007, 1:30 am

Give it a day or two and then let me know how things are. Hopefully, everything should be clear. :)
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby Trogan » January 12th, 2007, 8:31 pm

How is the computer? Can we mark this resolved?
User avatar
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Unread postby anubissx » January 12th, 2007, 11:25 pm

Yes, I dont notice anything abnormal anymore.
Thank you very much, you really help me alot.
Also thank to this forum that I met you ^^
Thanks again and have a nice day.
anubissx
Active Member
 
Posts: 13
Joined: January 3rd, 2007, 11:41 am

Unread postby NonSuch » January 13th, 2007, 2:07 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 332 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware