BullGuard
How to remove VBS:Malware-gen virus???
BullGuard Antivirus Forum > Virus Removal > Removal Tools

Ptharshi
New Member


Date Joined May 2008
Total Posts : 2
 
Posted 5/13/2008 9:52 PM (GMT +3)
Hi.. my computer and iPod are infected with the VBS:Malware-gen virus... Avast detects it, but can't delete it... please help!!!


Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:37:24, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Nive\Desktop\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.19.16:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?6d777cfd1d4c48c09994b193f9c545ec
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?6d777cfd1d4c48c09994b193f9c545ec
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
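Read as a practitioner would, the log above has one line that matters more than all the others: the F2 entry, which tells Winlogon to run wscript.exe with C:\WINDOWS\system32\VirusRemoval.vbs at every logon, in addition to the normal userinit.exe (and wscript.exe is indeed sitting in the running-process list). Whatever that script is, a second UserInit entry is never a default Windows configuration, and the changed IE window title and the proxy setting are the next things to question. The script below is an added example for this thread, not part of the original post and not a HijackThis feature; the flagging rules are the editor's own heuristics, and the sample lines are copied from the log above. It also checks O4 Run entries for script-host launchers, which the posted log happens not to contain.

```python
"""Triage a HijackThis log for the persistence patterns used by VBScript worms.

Added example for this thread; not from the original post or from HijackThis.
The rules are the editor's own heuristics. SAMPLE_LOG holds lines copied from
the log posted above.
"""
import re

# Constructed sample: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.19.16:80
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Script hosts and script extensions that a Run/UserInit entry should not normally launch.
SCRIPT_HOST = re.compile(r"\b(wscript|cscript|mshta)\.exe\b", re.I)
SCRIPT_FILE = re.compile(r"\.(vbs|vbe|js|jse|wsf|hta)\b", re.I)


def check_userinit(value):
    """Return findings for a system.ini UserInit value.

    Winlogon runs every comma-separated entry at logon. The only expected
    entry is userinit.exe in the system directory; anything else is an
    auto-start the user did not configure.
    """
    findings = []
    entries = [e.strip() for e in value.split(",") if e.strip()]
    for entry in entries:
        exe = entry.split()[0].lower()  # first token is the executable
        if exe.endswith("userinit.exe"):
            continue
        findings.append("extra UserInit entry: " + entry)
        if SCRIPT_HOST.search(entry) and SCRIPT_FILE.search(entry):
            findings.append("script host launches a script at logon: " + entry)
    return findings


def triage(log_text):
    """Scan HijackThis lines and return a list of (line, reason) findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)", line)
        if m:
            for reason in check_userinit(m.group(1)):
                findings.append((line, reason))
            continue
        if line.startswith("O4 -") and SCRIPT_HOST.search(line) and SCRIPT_FILE.search(line):
            findings.append((line, "Run entry launches a script via a script host"))
            continue
        if "Window Title =" in line:
            # Legitimate software rarely sets the IE window title; VBS worms often do.
            findings.append((line, "IE window title overridden: " + line.split("=", 1)[1].strip()))
            continue
        if "ProxyServer =" in line:
            findings.append((line, "proxy configured; confirm it is intentional: " + line.split("=", 1)[1].strip()))
    return findings


if __name__ == "__main__":
    for _line, reason in triage(SAMPLE_LOG):
        print(reason)
```

Run against the sample it reports four findings: the extra UserInit entry, the fact that that entry is a script host launching a .vbs file, the overridden window title, and the proxy. Everything else in the log passes the rules, which is the point: the noise in a HijackThis log is large and the worm's foothold is a single line.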

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 5/14/2008 7:47 AM (GMT +3)
Hello
 
 
Go to Start - Control Panel - Add/Remove Programs
Remove the following if found or any variation:

One of your antivirus programs

 

"Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, will typically cause your computer to crash, and will provide less protection, not more."
 
Please download Combofix:
 
 
and save it to the desktop.

Close all other browser windows.
 
Please connect all your external hard drives/flash drives before running Combofix.
 
 
 
Important-> Temporarily disable your anti-virus, real-time protection before performing a scan. They can interfere with combofix or remove some of its embedded files which may cause "unpredictable results". 
 
 
Double-click on the combofix icon found on your desktop.
 
Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete. 

 When finished, it will produce a logfile located at C:\combofix.txt.
 

Post the contents of that log in your next reply with a new HijackThis log.
 
Please copy and paste your log files. DO NOT add it as an attachment



NB. If you are using any P2P (file sharing) programs, please remove them before we clean your computer. We do not clean logs that have P2P applications installed as this can cause reinfection during your cleaning.



Do NOT post your problem in someone else's thread.

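The instruction to plug in every external drive before ComboFix runs is not a formality. Worms of this family reach the iPod and other removable media by writing an autorun.inf plus a copy of the script onto each writable volume they see, so Windows (XP, with AutoPlay at its defaults) re-launches the script the moment the drive is attached to any machine; the ComboFix log posted later in this thread shows autorun.inf files removed from four separate drives. The parser below is an added example, not part of the original post and not ComboFix's own logic; both autorun.inf samples are constructed here, and the RECYCLER\update.vbs path in the first one is hypothetical.

```python
"""Inspect autorun.inf files for entries that would launch a program when a drive is attached.

Added example for this thread; not from the original post or from ComboFix.
Both sample files are constructed here; the RECYCLER\\update.vbs path is hypothetical.
"""
import configparser
import re

# Constructed sample 1: the shape a removable-media worm leaves behind. It launches a
# script through the script host on insert and also hijacks Explorer's Open/Explore verbs,
# so double-clicking the drive in My Computer runs the script as well.
WORM_STYLE = """[autorun]
open=wscript.exe .\\RECYCLER\\update.vbs
shell\\open\\command=wscript.exe .\\RECYCLER\\update.vbs
shell\\explore\\command=wscript.exe .\\RECYCLER\\update.vbs
icon=%SystemRoot%\\system32\\shell32.dll,4
"""

# Constructed sample 2: a benign autorun.inf that only sets an icon and a label.
BENIGN = """[autorun]
icon=setup.exe,0
label=My Photos
"""

# Keys that make Windows execute something: 'open' and 'shellexecute' on insert,
# and shell\<verb>\command entries when the drive is opened from Explorer.
LAUNCH_KEYS = ("open", "shellexecute")
LAUNCH_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.I)
SCRIPT_LAUNCHER = re.compile(r"\b(wscript|cscript|mshta|cmd|rundll32)(\.exe)?\b", re.I)


def parse_autorun(text):
    """Return the [autorun] section as a dict of lowercase keys -> values ({} if absent)."""
    # No interpolation: values contain '%SystemRoot%'-style tokens that are not ours to expand.
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.read_string(text)
    for section in cp.sections():          # Windows matches the section name case-insensitively
        if section.lower() == "autorun":
            return dict(cp[section])       # ConfigParser already lowercases option names
    return {}


def launch_entries(text):
    """Return (key, command) pairs that would execute on insert or on double-click."""
    found = []
    for key, value in parse_autorun(text).items():
        if key in LAUNCH_KEYS or LAUNCH_CMD.match(key):
            found.append((key, value))
    return found


def is_suspicious(text):
    """True if any launch entry uses a script host/command interpreter or points into RECYCLER."""
    for _key, cmd in launch_entries(text):
        if SCRIPT_LAUNCHER.search(cmd) or "recycler" in cmd.lower():
            return True
    return False


if __name__ == "__main__":
    for name, sample in (("worm-style", WORM_STYLE), ("benign", BENIGN)):
        verdict = "suspicious" if is_suspicious(sample) else "ok"
        print(name, verdict, launch_entries(sample))
```

On a real drive the file is usually marked hidden+system, so list it with `dir /a` (or `attrib`) rather than trusting Explorer; an autorun.inf that only carries icon and label entries, like the second sample, is what a legitimate installer or camera card leaves behind, while any open, shellexecute or shell\...\command entry deserves a look at what it points to.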

Rodmann
New Member


Date Joined Nov 2009
Total Posts : 1
 
Posted 11/15/2009 3:02 PM (GMT +3)
Hi

I have been having the exact same problem, with Avast detecting malware worms on my PC and iPod/external drives.

I ran Combofix and here is the log:

ComboFix 09-11-15.01 - HP_Owner 15/11/2009 22:40..2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.303 [GMT 11:00]
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
c:\recycler\S-1-5-21-3471104188-2099034585-1155635987-1003
c:\windows\system32\CHODDI.SYS
D:\Autorun.inf
L:\Autorun.inf
M:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
.

2009-11-15 08:07 . 2009-11-15 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-15 08:07 . 2009-11-15 08:07 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-15 07:41 . 2009-11-15 07:41 -------- d-----w- c:\program files\MSBuild
2009-11-15 07:40 . 2009-11-15 07:40 -------- d-----w- c:\program files\Microsoft.NET
2009-11-15 07:38 . 2009-11-15 07:41 -------- d-----w- c:\windows\SHELLNEW
2009-11-15 07:37 . 2009-11-15 07:37 -------- d-----r- C:\MSOCache
2009-11-15 04:13 . 2009-11-15 04:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-15 04:07 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-15 04:06 . 2009-11-15 04:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-15 04:02 . 2009-11-15 05:55 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Adobe
2009-11-15 04:02 . 2009-11-15 04:19 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\nos
2009-11-15 04:02 . 2009-11-15 04:02 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-15 04:01 . 2009-11-15 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-15 04:01 . 2009-11-15 04:01 -------- d-----w- c:\program files\NOS
2009-11-15 04:01 . 2009-11-05 22:20 34112 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zo2rj6qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-15 04:01 . 2009-11-05 22:20 32448 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zo2rj6qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-15 04:01 . 2009-11-05 22:20 22352 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zo2rj6qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-11-15 03:29 . 2009-11-15 05:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\skypePM
2009-11-15 03:29 . 2009-11-15 03:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-15 03:25 . 2009-11-15 11:50 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Skype
2009-11-15 03:23 . 2009-11-15 03:23 -------- d-----w- c:\program files\Common Files\Skype
2009-11-15 03:23 . 2009-11-15 03:24 -------- d-----r- c:\program files\Skype
2009-11-15 03:23 . 2009-11-15 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-15 03:06 . 2009-08-06 08:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-15 03:06 . 2009-08-06 08:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-15 03:04 . 2009-11-15 03:04 -------- d-----w- C:\Rima
2009-11-15 02:00 . 2009-11-15 02:00 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Microsoft Help
2009-11-15 02:00 . 2009-11-15 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-15 01:15 . 2009-11-14 09:14 -------- d-----w- c:\windows\I386
2009-11-15 01:13 . 2009-11-15 11:24 -------- d-----w- C:\Program Files
2009-11-15 01:13 . 2009-11-14 13:04 -------- d-----r- c:\documents and settings\All Users\Documents
2009-11-15 01:05 . 2009-11-14 13:51 -------- d-sh--r- c:\windows\system32\dllcache
2009-11-15 00:33 . 2009-11-15 00:33 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-11-15 00:33 . 2009-11-15 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-15 00:25 . 2009-11-15 00:25 -------- d-----w- c:\program files\Alwil Software
2009-11-15 00:04 . 2004-08-04 04:00 984576 ----a-w- c:\windows\system32\syssetup.dll
2009-11-15 00:03 . 2004-08-04 04:00 9216 ----a-w- c:\windows\system32\subst.exe
2009-11-15 00:02 . 2004-08-04 04:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-11-15 00:01 . 2004-08-04 04:00 97280 ----a-w- c:\windows\system32\dpcdll.dll
2009-11-14 23:13 . 2009-11-15 04:39 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-11-14 13:06 . 2009-11-15 11:49 -------- d-----w- c:\documents and settings\HP_Owner\Tracing
2009-11-14 13:04 . 2009-11-14 13:04 -------- d-----w- c:\program files\Microsoft
2009-11-14 13:04 . 2009-11-14 13:04 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-14 13:03 . 2009-11-14 13:04 -------- d-----w- c:\program files\Windows Live
2009-11-14 12:54 . 2009-11-14 12:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-14 12:19 . 2004-08-04 04:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-11-14 12:18 . 2009-11-14 12:18 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-14 12:16 . 2009-11-14 12:17 -------- d-----w- C:\a65994a639a9149af8514fae4ec905
2009-11-14 12:16 . 2009-11-14 12:17 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-11-14 12:16 . 2009-11-14 12:16 -------- d-----w- c:\windows\system32\LogFiles
2009-11-14 10:13 . 2009-11-15 10:04 109304 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 10:08 . 2009-11-14 10:08 -------- d-----w- c:\program files\iPod
2009-11-14 10:08 . 2009-11-14 10:09 -------- d-----w- c:\program files\iTunes
2009-11-14 10:08 . 2009-11-14 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 10:08 . 2009-11-14 10:08 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Identities
2009-11-14 10:07 . 2009-11-14 10:07 -------- d-----w- c:\program files\Bonjour
2009-11-14 10:07 . 2009-11-14 10:07 -------- d-----w- c:\program files\QuickTime
2009-11-14 10:06 . 2009-11-14 10:06 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Apple
2009-11-14 10:06 . 2009-11-14 10:06 -------- d-----w- c:\program files\Apple Software Update
2009-11-14 10:06 . 2009-11-14 10:09 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-14 10:06 . 2009-08-28 08:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-14 10:06 . 2009-08-28 08:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-14 10:05 . 2009-11-14 10:05 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 10:05 . 2009-11-14 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-14 09:30 . 2009-11-14 09:30 0 ----a-w- c:\windows\nsreg.dat
2009-11-14 09:30 . 2009-11-14 09:30 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2009-11-14 09:15 . 2006-09-25 06:58 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-11-14 09:11 . 2009-11-14 09:11 -------- d-s---w- c:\documents and settings\HP_Owner\UserData
2009-11-14 09:07 . 2009-11-14 09:07 -------- d-----w- c:\windows\system32\Lang
2009-11-14 09:05 . 2009-11-14 09:05 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-11-14 09:05 . 2009-11-14 09:05 -------- d-----w- c:\windows\system32\RTCOM
2009-11-14 09:05 . 2009-11-15 02:41 -------- d-----w- c:\documents and settings\Default User\WINDOWS
2009-11-14 09:03 . 2009-11-15 11:49 181 ----a-w- c:\windows\system\hpsysdrv.DAT
2009-11-14 08:32 . 2005-01-11 15:03 109568 ----a-w- c:\windows\system32\pxinsi64.exe
2009-11-14 08:32 . 2004-09-26 13:00 108544 ----a-w- c:\windows\system32\pxcpyi64.exe
2009-11-14 08:31 . 2009-11-15 02:48 -------- d-----w- c:\program files\muvee Technologies
2009-11-14 08:31 . 2009-11-15 02:41 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-11-14 08:30 . 2005-02-23 21:42 176128 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-14 08:21 . 2009-11-14 23:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-14 08:19 . 2004-08-03 11:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2009-11-14 08:19 . 2004-08-03 11:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2009-11-14 08:14 . 2004-08-03 11:59 5376 ----a-w- c:\windows\system32\drivers\viaide.sys
2009-11-14 08:14 . 2004-08-03 11:59 5376 ----a-w- c:\windows\system32\dllcache\viaide.sys
2009-11-14 08:10 . 2009-11-15 00:06 -------- d-----w- c:\program files\Easy Internet signup
2009-11-14 08:08 . 2009-11-15 02:49 -------- d-----w- c:\program files\PC-Doctor for DOS
2009-11-14 08:08 . 2005-01-18 23:21 12416 ----a-w- c:\windows\system32\drivers\PcdrNdisuio.sys
2009-11-14 08:08 . 2009-11-15 02:48 -------- d-----w- c:\program files\PC-Doctor for Windows
2009-11-14 08:05 . 2009-11-15 02:45 -------- d-----w- c:\program files\HPQ
2009-11-14 08:04 . 2009-11-14 08:04 118784 ----a-r- c:\windows\bwUnin-6.3.2.62.exe
2009-11-14 08:04 . 2009-11-15 02:41 -------- d-----w- c:\program files\BackWeb
2009-11-14 08:04 . 2009-11-15 02:51 -------- d-----w- c:\program files\Updates from HP
2009-11-14 08:04 . 2004-01-22 16:51 40960 ----a-w- c:\windows\system32\omano.dll
2009-11-14 08:04 . 2002-03-20 03:05 45056 ----a-w- c:\windows\system32\hpreg.dll
2009-11-14 08:02 . 2002-09-20 03:42 122880 ----a-w- c:\windows\system32\ShellvRTF.dll
2009-11-14 08:02 . 2009-11-15 02:38 -------- d-----w- c:\windows\CREATOR
2009-11-14 08:01 . 2009-11-15 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-11-14 08:01 . 2009-11-14 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-14 08:01 . 2009-11-15 02:38 -------- d-----w- c:\windows\Downloaded Installations
2009-11-14 08:01 . 2009-11-15 07:41 -------- d-----w- c:\program files\Microsoft Works
2009-11-14 08:00 . 2009-11-15 02:47 -------- d-----w- c:\program files\Microsoft Money 2005
2009-11-14 07:59 . 2009-11-15 02:38 -------- d-----w- c:\windows\Cache
2009-11-14 07:59 . 2009-11-15 02:46 -------- d-----w- c:\program files\Macrovision Corp
2009-11-14 07:58 . 2009-11-15 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-11-14 07:58 . 2004-09-21 09:58 98304 ----a-w- c:\windows\system32\VbiCallback.dll
2009-11-14 07:58 . 2001-07-04 23:33 45056 ----a-w- c:\windows\system32\WSTDEC.dll
2009-11-14 07:58 . 2002-11-20 23:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-11-14 07:58 . 2002-11-20 23:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-11-14 07:58 . 2002-11-20 23:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-11-14 07:58 . 2002-11-20 23:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-11-14 07:58 . 2002-11-20 23:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-11-14 07:58 . 2002-11-20 23:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2009-11-14 07:58 . 2009-11-15 02:41 -------- d-----w- c:\program files\Common Files\InterVideo
2009-11-14 07:58 . 2009-11-15 02:45 -------- d-----w- c:\program files\InterVideo
2009-11-14 07:58 . 2009-11-15 02:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-14 07:57 . 2009-11-15 02:42 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-11-14 07:55 . 2009-11-15 02:51 -------- d-----w- c:\program files\WildTangent
2009-11-14 07:54 . 2009-11-15 02:49 -------- d-----w- c:\program files\Real
2009-11-14 07:54 . 2009-11-15 00:05 -------- d-----w- c:\program files\Common Files\Real
2009-11-14 07:53 . 2009-11-15 02:46 -------- d-----w- c:\program files\Microsoft Encarta
2009-11-14 07:53 . 2009-11-15 02:41 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-14 07:53 . 2009-11-15 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-11-14 07:53 . 2009-11-15 02:49 -------- d-----w- c:\program files\Sonic
2009-11-14 07:53 . 2009-11-15 02:42 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-11-14 07:52 . 2009-11-15 02:41 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-14 07:47 . 2009-11-15 02:41 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 02:46 . 2004-12-15 17:23 -------- d-----w- c:\program files\microsoft frontpage
2009-11-15 02:40 . 2009-11-14 09:06 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SampleView
2009-11-15 02:40 . 2009-11-14 09:06 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Intervideo
2009-11-14 10:13 . 2009-11-14 09:06 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-11-14 09:06 . 2009-11-14 09:06 1880 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_PY062AA-ABG a1160a_YC_0Pavi_QTHT523_E53ANheBLT2_47_IPuffer_SASUSTeK Computer INC._V1.xx_B3.21_T050429_WXH2_L409_M512_J400_7Intel_8Pentium 4_93.2_#091114_N10EC8139_Z11C1048C_G10DE0161_OHP DVD Writer 640b.MRK
2009-11-14 08:07 . 2004-11-23 11:57 83443 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-14 08:07 . 2009-11-14 08:07 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-11-14 08:07 . 2009-11-14 08:07 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-11-14 07:50 . 2009-11-14 07:49 94262 ----a-w- c:\windows\HPHins03.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2009-11-14 36972]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-05-09 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2005-05-09 233472]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-02-24 1495040]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-07 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-04-07 2805248]
"Zip"="wscript.exe" - c:\windows\system32\wscript.exe [2004-08-04 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2009-11-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [14/11/2009 6:38 PM 24544]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [15/11/2009 11:03 AM 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q305&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q305&bd=pavilion&pf=desktop
uWindow Title = Gdooey Mae
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q305&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zo2rj6qk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zo2rj6qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 22:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(628)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-11-15 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-15 11:53

Pre-Run: 376,818,769,920 bytes free
Post-Run: 376,835,579,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 19788B333531EE1C1594DEDD3457237D




Any help would be so very greatly appreciated

Thanks
Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 12975
 
Posted 11/16/2009 6:25 AM (GMT +3)
Hello Rodmann and welcome to BG.

Download and run Panda USB vaccine:

Make sure all your external drives are connected before you run it.

Still while all your external drives are connected ->

Please follow this guide:

Follow the instructions and copy the logs here, in this Topic.

Download Security Check by screen317:
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post that log as well.

Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.

DarkPrincess
New Member


Date Joined Nov 2009
Total Posts : 6
 
Posted 11/21/2009 1:26 AM (GMT +3)
Hello Touch,

Thank you for your help. I'm experiencing problems with the same malware and my log is as follows:

ComboFix 09-11-20.02 - Susan 11/20/2009 15:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3121 [GMT -6:00]
Running from: c:\documents and settings\Susan\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091120-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\pciide.sys
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-20 21:42 . 2009-11-20 21:42 -------- d-----w- c:\windows\system32\LogFiles
2009-11-19 01:15 . 2009-11-19 01:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-19 01:15 . 2009-11-19 01:15 152576 ----a-w- c:\documents and settings\Susan\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-18 19:59 . 2009-11-18 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-18 19:59 . 2009-11-18 19:59 -------- d-----w- c:\program files\QuickTime Alternative
2009-11-18 09:28 . 2009-11-18 09:28 -------- d-----w- c:\documents and settings\Susan\Local Settings\Application Data\Identities
2009-11-18 07:53 . 2004-08-04 06:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-18 07:53 . 2004-08-04 06:56 21504 ----a-w- c:\windows\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 01:15 . 2009-01-08 06:44 -------- d-----w- c:\program files\Java
2009-11-18 09:14 . 2009-11-18 09:14 -------- d-----w- c:\program files\Alwil Software
2009-10-08 09:54 . 2009-10-08 09:47 -------- d-----w- c:\program files\Ultra MP4 Video Converter
2009-09-15 11:59 . 2009-11-18 09:14 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:56 . 2009-11-18 09:14 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 11:56 . 2009-11-18 09:14 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 11:55 . 2009-11-18 09:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:55 . 2009-11-18 09:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 11:54 . 2009-11-18 09:14 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2009-11-18 09:14 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2009-11-18 09:14 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 11:53 . 2009-11-18 09:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2006-05-03 09:06 . 2009-01-28 01:59 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-01-28 01:59 31232 --sh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2007-07-25 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-19 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-31 1953792]
"Blitzz BWI715"="c:\program files\Blitzz\BWI715\WLANmon.exe" [2004-02-17 663552]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2003-08-21 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-15 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

c:\documents and settings\Susan\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/18/2009 3:14 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/18/2009 3:14 AM 20560]
R3 BWI715;BWI715 Wireless Network Adapter Service;c:\windows\system32\drivers\BWI715.sys [1/8/2009 12:56 AM 344096]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [4/16/2009 3:05 PM 39048]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\z4gmtsmu.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-20 15:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(1648)
c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-20 15:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-20 21:47

Pre-Run: 180,123,889,664 bytes free
Post-Run: 184,014,602,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 80582694F50664D34E47C2E176542564

Post Edited (Touch) : 21-11-2009 02:48:17 GMT
