Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 




Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > HijackThis Log Help > HijackThis Log Help (Inactive)
Help removing VBS:Malware-gen Help removing VBS:Malware-gen
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read

 
 
Thread Tools
Old 05-03-2008, 06:42 AM   #1 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 9
OS: XP


Help removing VBS:Malware-gen
Hello,

It all started when avast said that it detected the following:


Deckard's System Scanner v20071014.68
Run by Claudia Cueva on 2008-05-03 23:13:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as CC.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:56 PM, on 3/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\CAMI EduSuite\LM\CAMI_LM.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Apps\CAMIED~1\CAMIKey\CAMIKey.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\deckard3\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\CLAUDI~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aapt.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Messenger\ycomp.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Safe &Eyes Toolbar - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\setoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [CAMIKey] C:\Apps\CAMIED~1\CAMIKey\CAMIKey.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aapt.com.au
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CAMI EduSuite License Manager - CAMI Education - C:\Apps\CAMI EduSuite\LM\CAMI_LM.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 10890 bytes

-- Files created between 2008-04-03 and 2008-05-03 -----------------------------

2008-05-03 23:12:52 0 d-------- C:\deckard3
2008-05-03 19:11:39 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-05-03 18:27:08 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-05-02 22:47:35 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-05-02 21:40:04 0 d-------- C:\Program Files\RootKit Hook Analyzer


-- Find3M Report ---------------------------------------------------------------

2008-05-03 16:44:19 0 d-------- C:\Program Files\SpywareBlaster
2008-04-05 20:39:22 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-30 18:46:24 0 d-------- C:\Program Files\Warcraft III
2008-03-24 08:31:13 2553 --a------ C:\WINDOWS\unins000.dat
2008-03-24 08:30:33 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-22 18:13:18 18131 --a------ C:\WINDOWS\War3Unin.dat
2008-03-22 18:13:15 2829 --a----c- C:\WINDOWS\War3Unin.pif
2008-03-22 18:13:15 126976 --a------ C:\WINDOWS\War3Unin.exe <Not Verified; Blizzard Entertainment; Warcraft III Uninstaller>
2008-03-15 20:46:24 0 d-------- C:\Program Files\Creative
2008-03-15 20:38:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-15 20:28:23 0 d-------- C:\Program Files\Audible
2008-03-15 19:34:45 23 --ahs---- C:\WINDOWS\system32\fabe4_z.dll
2008-03-15 19:34:44 0 d-------- C:\Program Files\jv16 PowerTools 2008
2008-03-15 19:13:32 0 d-------- C:\Program Files\Common Files\Ahead
2008-03-15 19:13:32 0 d-------- C:\Program Files\Ahead
2008-03-15 18:49:32 0 d-------- C:\Program Files\DivX
2008-03-15 18:20:03 730 --a------ C:\WINDOWS\eReg.dat
2008-03-15 1830 0 d-------- C:\Program Files\Electronic Arts
2008-03-15 18:05:05 0 d-------- C:\Program Files\Maxis
2008-03-13 19:49:15 0 d-------- C:\Documents and Settings\CC\Application Data\WinPatrol
2008-03-13 19:47:35 0 d-------- C:\Program Files\BillP Studios
2008-03-13 19:14:16 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-04 19:11:26 0 d-------- C:\Program Files\Java
2008-03-04 19:10:58 0 d-------- C:\Program Files\Common Files
2008-03-04 19:10:58 0 d-------- C:\Program Files\Common Files\Java
2008-03-02 11:08:35 184 --a------ C:\WINDOWS\War3Unin.bat
2008-02-21 12:05:44 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-02-21 12:04:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-02-21 12:04:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-02-21 12:04:04 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-02-21 12:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 12:04:04 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 12:04:04 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-02-21 12:03:24 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [27/01/2008 03:38 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [14/12/2007 03:42 AM]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" []
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [28/09/2006 01:16 PM]
"SoundMan"="SOUNDMAN.EXE" [26/02/2004 06:53 PM C:\WINDOWS\SOUNDMAN.EXE]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [12/07/2002 08:15 PM]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [13/02/2004 02:46 AM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [31/10/2003 07:42 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [29/06/2007 06:24 AM]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [09/09/2006 07:16 PM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [11/10/2006 12:45 PM]
"nwiz"="nwiz.exe" [05/12/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41 AM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [27/04/2007 11:25 AM]
"ICF"="C:\Program Files\Internet Content Filter\SafeEyes.exe" [02/08/2007 10:58 AM]
"CAMIKey"="C:\Apps\CAMIED~1\CAMIKey\CAMIKey.exe" [20/03/2007 03:12 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [30/03/2008 04:37 AM]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [23/08/2006 11:38 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [06/08/2004 03:33 PM]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [07/08/2006 10:06 AM]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 10:00 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [11/12/2007 07:19 AM]

C:\Documents and Settings\CC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 7:16:50 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

*Newly Created Service* - GMER



-- End of Deckard's System Scanner: finished at 2008-05-03 23:15:20 ------------

I've done a kaperky scan and the scan came clean.

You will notice I have installed some programs to detect if any rootkits are in the system.

Hope you can help to determine if the VBS:Malware-gen still exists on my system .. as I can't see the file in the chest within avast.
kratos is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
Old 05-06-2008, 02:28 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 25,551
OS: 2000 Pro; XP Pro; XP Home


Re: Help removing VBS:Malware-gen
Log seems clean. If Kaspersky online scan also found nothing, you should be ok.

Is Avast still finding VBS:Malware-gen ? If so, where exactly? File name, full path, etc...
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006
Our help is voluntary, but this site needs donations to operate.
Please consider Donating to the Forum.

Please do not ask for help via Private Message. Ask in the forums, so all may gain from the experience.
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Bookmark on Thread SoupReddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 07:51 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2008, Tech Support Forum

Search Engine Friendly URLs by vBSEO

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82