The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portfolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

How to remove VBS:Malware-gen virus???

Posted 5/13/2008 6:52 PM
#62149

Ptharshi Member

Date Joined Nov 2016
Total Posts: 2
Hi, my computer and iPod are infected with the VBS:Malware-gen virus. Avast detects it but can't delete it. Please help!


Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:37:24, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Nive\Desktop\alternativ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.19.16:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?6d777cfd1d4c48c09994b193f9c545ec
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?6d777cfd1d4c48c09994b193f9c545ec
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=pavilion&pf=laptop
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - https://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
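The log above is long, and most of it is normal. As an added example (not code from the thread, and not HijackThis's own tooling), here is a small Python triage script that reads HijackThis-style R1/F2/O4 lines and flags the entries a helper would look at first: a UserInit chain that has grown an extra program (here wscript.exe running VirusRemoval.vbs), Run entries that start a script host or a script file, an explicit proxy server, and a changed IE window title. The sample input is constructed: the F2, ProxyServer and Window Title lines are copied from the log above, the other lines are made up for contrast, and the `[Zip] wscript.exe` entry is a constructed HijackThis-style rendering of a Run value that launches the script host with no script path.

```python
"""Triage of HijackThis-style log lines.

Added example: not code from the forum thread or from HijackThis.  It
flags the indicators that stand out in a pasted log: a UserInit chain
with more than userinit.exe in it, Run entries that launch a script
host or script file, an explicit proxy server, and a changed IE title.
"""
import re
from typing import Dict, List

# Script hosts that do not belong in a UserInit chain or an ordinary Run entry.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")
# Script file types handled by those hosts.
SCRIPT_FILE_RE = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b", re.IGNORECASE)

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Body of a registry Run entry: HKLM\..\Run: [name] command
O4_RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

# Constructed sample: the R1 and F2 lines are copied from the log posted
# above; the O4 lines are made up for contrast ("[Zip] wscript.exe" is a
# constructed rendering of a Run value that starts the script host alone).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.19.16:80
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Sujin.com.np
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\VirusRemoval.vbs
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zip] wscript.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def _mentions_script(text: str) -> bool:
    """True if a command names a script host or a script file."""
    low = text.lower()
    return any(host in low for host in SCRIPT_HOSTS) or bool(SCRIPT_FILE_RE.search(low))


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious line, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # process list, headers, blank lines
        section, body = m.group("section"), m.group("body")

        if section == "F2" and body.startswith("REG:system.ini: UserInit="):
            # A clean XP value is exactly one entry, "...\userinit.exe,"
            # (the trailing comma is normal and is dropped here).
            entries = [e.strip() for e in body.split("=", 1)[1].split(",") if e.strip()]
            normal = len(entries) == 1 and entries[0].lower().endswith("userinit.exe")
            if not normal or any(_mentions_script(e) for e in entries):
                findings.append({"severity": "high", "section": section,
                                 "reason": "UserInit chain altered: " + "; ".join(entries)})

        elif section == "O4":
            run = O4_RUN_RE.match(body)
            if run and _mentions_script(run.group("cmd")):
                findings.append({"severity": "high", "section": section,
                                 "reason": f"Run entry [{run.group('name')}] launches a script host: {run.group('cmd')}"})

        elif section == "R1":
            key, sep, value = body.partition(" = ")
            setting = key.rsplit(",", 1)[-1] if sep else ""
            if setting == "ProxyServer":
                findings.append({"severity": "medium", "section": section,
                                 "reason": f"explicit proxy server set: {value} (confirm it is an expected proxy)"})
            elif setting == "Window Title":
                findings.append({"severity": "low", "section": section,
                                 "reason": f"IE window title changed to: {value}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['section']}: {f['reason']}")
```

Run it on a whole pasted log and it ignores the process list and everything else it does not recognise; the F2 finding is the one to act on, since anything chained after userinit.exe runs at every logon before the desktop appears, which is why a plain file delete is undone on the next reboot. The proxy entry is only worth a question (a 172.16.x.x address can be a legitimate office proxy), and the window title is cosmetic.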

Posted 5/14/2008 4:47 AM
#62158

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :cool:

Go to Start - Control Panel - Add-Remove Programs

Remove the following if found or any variation:

One of your antivirus programs. Not more.

Please download ComboFix:

https://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save it to the desktop.

Post the contents of that log in your next reply with a new HijackThis log.

Please copy and paste your log files. DO NOT add them as an attachment.

We do not clean logs that have P2P applications installed, as this can cause reinfection during your cleaning.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 11/15/2009 12:02 PM
#79592

Rodmann Member

Date Joined Nov 2016
Total Posts: 1
Hi

I have been having the exact same problem, with Avast detecting malware worms on my PC and iPod/external drives.

I ran ComboFix, and here is the log:

ComboFix 09-11-15.01 - HP_Owner 15/11/2009 22:40..2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.303 [GMT 11:00]
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\docume~1\HP_Owner\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Owner\Local Settings\Temp\IadHide5.dll
c:\recycler\S-1-5-21-3471104188-2099034585-1155635987-1003
c:\windows\system32\CHODDI.SYS
D:\Autorun.inf
L:\Autorun.inf
M:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
.

2009-11-15 08:07 . 2009-11-15 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2009-11-15 08:07 . 2009-11-15 08:07 -------- d-----w- c:\program files\McAfee Security Scan
2009-11-15 07:41 . 2009-11-15 07:41 -------- d-----w- c:\program files\MSBuild
2009-11-15 07:40 . 2009-11-15 07:40 -------- d-----w- c:\program files\Microsoft.NET
2009-11-15 07:38 . 2009-11-15 07:41 -------- d-----w- c:\windows\SHELLNEW
2009-11-15 07:37 . 2009-11-15 07:37 -------- d-----r- C:\MSOCache
2009-11-15 04:13 . 2009-11-15 04:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-15 04:07 . 2009-10-10 07:07 38208 ----a-w- c:\documents and settings\HP_Owner\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-15 04:06 . 2009-11-15 04:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-15 04:02 . 2009-11-15 05:55 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Adobe
2009-11-15 04:02 . 2009-11-15 04:19 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\nos
2009-11-15 04:02 . 2009-11-15 04:02 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-15 04:01 . 2009-11-15 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-15 04:01 . 2009-11-15 04:01 -------- d-----w- c:\program files\NOS
2009-11-15 04:01 . 2009-11-05 22:20 34112 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zo2rj6qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-15 04:01 . 2009-11-05 22:20 32448 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zo2rj6qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-15 04:01 . 2009-11-05 22:20 22352 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zo2rj6qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-11-15 03:29 . 2009-11-15 05:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\skypePM
2009-11-15 03:29 . 2009-11-15 03:29 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-15 03:25 . 2009-11-15 11:50 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Skype
2009-11-15 03:23 . 2009-11-15 03:23 -------- d-----w- c:\program files\Common Files\Skype
2009-11-15 03:23 . 2009-11-15 03:24 -------- d-----r- c:\program files\Skype
2009-11-15 03:23 . 2009-11-15 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-11-15 03:06 . 2009-08-06 08:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-15 03:06 . 2009-08-06 08:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-15 03:04 . 2009-11-15 03:04 -------- d-----w- C:\Rima
2009-11-15 02:00 . 2009-11-15 02:00 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Microsoft Help
2009-11-15 02:00 . 2009-11-15 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-15 01:15 . 2009-11-14 09:14 -------- d-----w- c:\windows\I386
2009-11-15 01:13 . 2009-11-15 11:24 -------- d-----w- C:\Program Files
2009-11-15 01:13 . 2009-11-14 13:04 -------- d-----r- c:\documents and settings\All Users\Documents
2009-11-15 01:05 . 2009-11-14 13:51 -------- d-sh--r- c:\windows\system32\dllcache
2009-11-15 00:33 . 2009-11-15 00:33 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2009-11-15 00:33 . 2009-11-15 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-15 00:25 . 2009-11-15 00:25 -------- d-----w- c:\program files\Alwil Software
2009-11-15 00:04 . 2004-08-04 04:00 984576 ----a-w- c:\windows\system32\syssetup.dll
2009-11-15 00:03 . 2004-08-04 04:00 9216 ----a-w- c:\windows\system32\subst.exe
2009-11-15 00:02 . 2004-08-04 04:00 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-11-15 00:01 . 2004-08-04 04:00 97280 ----a-w- c:\windows\system32\dpcdll.dll
2009-11-14 23:13 . 2009-11-15 04:39 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-11-14 13:06 . 2009-11-15 11:49 -------- d-----w- c:\documents and settings\HP_Owner\Tracing
2009-11-14 13:04 . 2009-11-14 13:04 -------- d-----w- c:\program files\Microsoft
2009-11-14 13:04 . 2009-11-14 13:04 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-14 13:03 . 2009-11-14 13:04 -------- d-----w- c:\program files\Windows Live
2009-11-14 12:54 . 2009-11-14 12:54 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-14 12:19 . 2004-08-04 04:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-11-14 12:18 . 2009-11-14 12:18 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-14 12:16 . 2009-11-14 12:17 -------- d-----w- C:\a65994a639a9149af8514fae4ec905
2009-11-14 12:16 . 2009-11-14 12:17 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-11-14 12:16 . 2009-11-14 12:16 -------- d-----w- c:\windows\system32\LogFiles
2009-11-14 10:13 . 2009-11-15 10:04 109304 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 10:08 . 2009-11-14 10:08 -------- d-----w- c:\program files\iPod
2009-11-14 10:08 . 2009-11-14 10:09 -------- d-----w- c:\program files\iTunes
2009-11-14 10:08 . 2009-11-14 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 10:08 . 2009-11-14 10:08 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Identities
2009-11-14 10:07 . 2009-11-14 10:07 -------- d-----w- c:\program files\Bonjour
2009-11-14 10:07 . 2009-11-14 10:07 -------- d-----w- c:\program files\QuickTime
2009-11-14 10:06 . 2009-11-14 10:06 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Apple
2009-11-14 10:06 . 2009-11-14 10:06 -------- d-----w- c:\program files\Apple Software Update
2009-11-14 10:06 . 2009-11-14 10:09 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-14 10:06 . 2009-08-28 08:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-11-14 10:06 . 2009-08-28 08:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-14 10:05 . 2009-11-14 10:05 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 10:05 . 2009-11-14 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-14 09:30 . 2009-11-14 09:30 0 ----a-w- c:\windows\nsreg.dat
2009-11-14 09:30 . 2009-11-14 09:30 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Mozilla
2009-11-14 09:15 . 2006-09-25 06:58 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2009-11-14 09:11 . 2009-11-14 09:11 -------- d-s---w- c:\documents and settings\HP_Owner\UserData
2009-11-14 09:07 . 2009-11-14 09:07 -------- d-----w- c:\windows\system32\Lang
2009-11-14 09:05 . 2009-11-14 09:05 -------- d---a-w- c:\program files\Common Files\LightScribe
2009-11-14 09:05 . 2009-11-14 09:05 -------- d-----w- c:\windows\system32\RTCOM
2009-11-14 09:05 . 2009-11-15 02:41 -------- d-----w- c:\documents and settings\Default User\WINDOWS
2009-11-14 09:03 . 2009-11-15 11:49 181 ----a-w- c:\windows\system\hpsysdrv.DAT
2009-11-14 08:32 . 2005-01-11 15:03 109568 ----a-w- c:\windows\system32\pxinsi64.exe
2009-11-14 08:32 . 2004-09-26 13:00 108544 ----a-w- c:\windows\system32\pxcpyi64.exe
2009-11-14 08:31 . 2009-11-15 02:48 -------- d-----w- c:\program files\muvee Technologies
2009-11-14 08:31 . 2009-11-15 02:41 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-11-14 08:30 . 2005-02-23 21:42 176128 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-11-14 08:21 . 2009-11-14 23:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-14 08:19 . 2004-08-03 11:59 36096 ----a-w- c:\windows\system32\drivers\intelppm.sys
2009-11-14 08:19 . 2004-08-03 11:59 36096 ----a-w- c:\windows\system32\dllcache\intelppm.sys
2009-11-14 08:14 . 2004-08-03 11:59 5376 ----a-w- c:\windows\system32\drivers\viaide.sys
2009-11-14 08:14 . 2004-08-03 11:59 5376 ----a-w- c:\windows\system32\dllcache\viaide.sys
2009-11-14 08:10 . 2009-11-15 00:06 -------- d-----w- c:\program files\Easy Internet signup
2009-11-14 08:08 . 2009-11-15 02:49 -------- d-----w- c:\program files\PC-Doctor for DOS
2009-11-14 08:08 . 2005-01-18 23:21 12416 ----a-w- c:\windows\system32\drivers\PcdrNdisuio.sys
2009-11-14 08:08 . 2009-11-15 02:48 -------- d-----w- c:\program files\PC-Doctor for Windows
2009-11-14 08:05 . 2009-11-15 02:45 -------- d-----w- c:\program files\HPQ
2009-11-14 08:04 . 2009-11-14 08:04 118784 ----a-r- c:\windows\bwUnin-6.3.2.62.exe
2009-11-14 08:04 . 2009-11-15 02:41 -------- d-----w- c:\program files\BackWeb
2009-11-14 08:04 . 2009-11-15 02:51 -------- d-----w- c:\program files\Updates from HP
2009-11-14 08:04 . 2004-01-22 16:51 40960 ----a-w- c:\windows\system32\omano.dll
2009-11-14 08:04 . 2002-03-20 03:05 45056 ----a-w- c:\windows\system32\hpreg.dll
2009-11-14 08:02 . 2002-09-20 03:42 122880 ----a-w- c:\windows\system32\ShellvRTF.dll
2009-11-14 08:02 . 2009-11-15 02:38 -------- d-----w- c:\windows\CREATOR
2009-11-14 08:01 . 2009-11-15 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-11-14 08:01 . 2009-11-14 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-14 08:01 . 2009-11-15 02:38 -------- d-----w- c:\windows\Downloaded Installations
2009-11-14 08:01 . 2009-11-15 07:41 -------- d-----w- c:\program files\Microsoft Works
2009-11-14 08:00 . 2009-11-15 02:47 -------- d-----w- c:\program files\Microsoft Money 2005
2009-11-14 07:59 . 2009-11-15 02:38 -------- d-----w- c:\windows\Cache
2009-11-14 07:59 . 2009-11-15 02:46 -------- d-----w- c:\program files\Macrovision Corp
2009-11-14 07:58 . 2009-11-15 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-11-14 07:58 . 2004-09-21 09:58 98304 ----a-w- c:\windows\system32\VbiCallback.dll
2009-11-14 07:58 . 2001-07-04 23:33 45056 ----a-w- c:\windows\system32\WSTDEC.dll
2009-11-14 07:58 . 2002-11-20 23:57 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-11-14 07:58 . 2002-11-20 23:57 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-11-14 07:58 . 2002-11-20 23:57 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-11-14 07:58 . 2002-11-20 23:57 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-11-14 07:58 . 2002-11-20 23:57 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-11-14 07:58 . 2002-11-20 23:57 20480 ----a-w- c:\windows\system32\IVIresize.dll
2009-11-14 07:58 . 2009-11-15 02:41 -------- d-----w- c:\program files\Common Files\InterVideo
2009-11-14 07:58 . 2009-11-15 02:45 -------- d-----w- c:\program files\InterVideo
2009-11-14 07:58 . 2009-11-15 02:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-14 07:57 . 2009-11-15 02:42 -------- d-----w- c:\program files\Common Files\TiVo Shared
2009-11-14 07:55 . 2009-11-15 02:51 -------- d-----w- c:\program files\WildTangent
2009-11-14 07:54 . 2009-11-15 02:49 -------- d-----w- c:\program files\Real
2009-11-14 07:54 . 2009-11-15 00:05 -------- d-----w- c:\program files\Common Files\Real
2009-11-14 07:53 . 2009-11-15 02:46 -------- d-----w- c:\program files\Microsoft Encarta
2009-11-14 07:53 . 2009-11-15 02:41 -------- d-----w- c:\program files\Common Files\InstallShield
2009-11-14 07:53 . 2009-11-15 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-11-14 07:53 . 2009-11-15 02:49 -------- d-----w- c:\program files\Sonic
2009-11-14 07:53 . 2009-11-15 02:42 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-11-14 07:52 . 2009-11-15 02:41 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-14 07:47 . 2009-11-15 02:41 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 02:46 . 2004-12-15 17:23 -------- d-----w- c:\program files\microsoft frontpage
2009-11-15 02:40 . 2009-11-14 09:06 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SampleView
2009-11-15 02:40 . 2009-11-14 09:06 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Intervideo
2009-11-14 10:13 . 2009-11-14 09:06 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2009-11-14 09:06 . 2009-11-14 09:06 1880 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_PY062AA-ABG a1160a_YC_0Pavi_QTHT523_E53ANheBLT2_47_IPuffer_SASUSTeK Computer INC._V1.xx_B3.21_T050429_WXH2_L409_M512_J400_7Intel_8Pentium 4_93.2_#091114_N10EC8139_Z11C1048C_G10DE0161_OHP DVD Writer 640b.MRK
2009-11-14 08:07 . 2004-11-23 11:57 83443 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-14 08:07 . 2009-11-14 08:07 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-11-14 08:07 . 2009-11-14 08:07 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-11-14 07:50 . 2009-11-14 07:49 94262 ----a-w- c:\windows\HPHins03.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2009-11-14 36972]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Home Theater SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-05-09 106496]
"WINREMOTE"="c:\program files\InterVideo\Common\Bin\WinRemote.exe" [2005-05-09 233472]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"regcmdcons"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" - c:\windows\system32\Hdaudpropshortcut.exe [2004-03-17 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-02-24 1495040]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-07 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-04-07 2805248]
"Zip"="wscript.exe" - c:\windows\system32\wscript.exe [2004-08-04 114688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2009-11-14 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [14/11/2009 6:38 PM 24544]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [15/11/2009 11:03 AM 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-11-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q305&bd=pavilion&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q305&bd=pavilion&pf=desktop
uWindow Title = Gdooey Mae
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_AU&c=Q305&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_AU&c=Q305&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zo2rj6qk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.smh.com.au/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\zo2rj6qk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPJPI150.dll
FF - plugin: c:\program files\Java\jre1.5.0\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-11-15 22:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(628)
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-11-15 22:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-15 11:53

Pre-Run: 376,818,769,920 bytes free
Post-Run: 376,835,579,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 19788B333531EE1C1594DEDD3457237D

Any help would be so very greatly appreciated.

Thanks
Posted 11/16/2009 3:25 AM
#79605
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello Rodmann and welcome to BG.

Download and run Panda USB vaccine:

https://www.pandasecurity.com/homeusers/downloads/usbvaccine/

Make sure all your external drives are connected before you run it.

Still with all your external drives connected ->

Please follow this guide:

Before-posting-a-log

Follow the instructions and copy the logs here, in this Topic.

Download Security Check by screen317:

https://screen317.spywareinfoforum.org/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please post that log as well.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 11/20/2009 10:26 PM
#79809
User avatar

DarkPrincess Member

Date Joined Nov 2016
Total Posts: 6
[s]Hello Touch,

Thank you for your help. I'm experiencing problems with the same malware and my log is as follows:

ComboFix 09-11-20.02 - Susan 11/20/2009 15:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3121 [GMT -6:00]
Running from: c:\documents and settings\Susan\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091120-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\pciide.sys
F:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-20 21:42 . 2009-11-20 21:42 -------- d-----w- c:\windows\system32\LogFiles
2009-11-19 01:15 . 2009-11-19 01:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-19 01:15 . 2009-11-19 01:15 152576 ----a-w- c:\documents and settings\Susan\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-18 19:59 . 2009-11-18 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-18 19:59 . 2009-11-18 19:59 -------- d-----w- c:\program files\QuickTime Alternative
2009-11-18 09:28 . 2009-11-18 09:28 -------- d-----w- c:\documents and settings\Susan\Local Settings\Application Data\Identities
2009-11-18 07:53 . 2004-08-04 06:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-11-18 07:53 . 2004-08-04 06:56 21504 ----a-w- c:\windows\system32\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-19 01:15 . 2009-01-08 06:44 -------- d-----w- c:\program files\Java
2009-11-18 09:14 . 2009-11-18 09:14 -------- d-----w- c:\program files\Alwil Software
2009-10-08 09:54 . 2009-10-08 09:47 -------- d-----w- c:\program files\Ultra MP4 Video Converter
2009-09-15 11:59 . 2009-11-18 09:14 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:56 . 2009-11-18 09:14 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 11:56 . 2009-11-18 09:14 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 11:55 . 2009-11-18 09:14 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:55 . 2009-11-18 09:14 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 11:54 . 2009-11-18 09:14 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2009-11-18 09:14 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2009-11-18 09:14 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 11:53 . 2009-11-18 09:14 97480 ----a-w- c:\windows\system32\AvastSS.scr
2006-05-03 09:06 . 2009-01-28 01:59 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2009-01-28 01:59 31232 --sh--r- c:\windows\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2007-07-25 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-31 36864]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-19 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-31 1953792]
"Blitzz BWI715"="c:\program files\Blitzz\BWI715\WLANmon.exe" [2004-02-17 663552]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2003-08-21 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-15 16270848]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-17 2879488]

c:\documents and settings\Susan\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/18/2009 3:14 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/18/2009 3:14 AM 20560]
R3 BWI715;BWI715 Wireless Network Adapter Service;c:\windows\system32\drivers\BWI715.sys [1/8/2009 12:56 AM 344096]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [4/16/2009 3:05 PM 39048]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Susan\Application Data\Mozilla\Firefox\Profiles\z4gmtsmu.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2009-11-20 15:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(1648)
c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-20 15:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-20 21:47

Pre-Run: 180,123,889,664 bytes free
Post-Run: 184,014,602,240 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 80582694F50664D34E47C2E176542564[/s]