Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

issues after virtumonde removal [RESOLVED]


  • This topic is locked This topic is locked

#1
rik.smithson

rik.smithson

    Member

  • Member
  • PipPip
  • 13 posts
Hi, I wonder if you could help me?

After stupidly running something I wasn't 100% sure about I got some trojan infections and spyware.

I downloaded and ran Spybot and Ad-aware, and also have the trial version of Kaspersky (will purchase the license when my 30 days are up!)

Spybot detected and deleted various trojans e.g: Win32.agent.pvz, zlob.ntg, mmonder.gen, virtumonde, obfuscated etc. I had issues with Adaware freezing during the scan so only used Spybot.

After deleting the files, Virtumonde later made a reappearance so I used VundoFix which deleted a file (which looked like a PowerISO.dll)

To make sure, I used VirtumundoBeGone v1.5 which found nothing.

Things definitely seem better but I still have some issues.

Firefox refuses to search by using google on the homepage. I can get into some sites by typing the address into the bar (i.e BBC) but this does not work with search engine sites (i.e yahoo or altavista)

Also, Firefox will not search within the geekstogo site using the google search, though IE works fine.

Which brings me to using I.E - I still seem to be getting annoying popups e.g Ask.com and registry defender etc.

I'm guessing a hijackthis session might be in order (i've never used it before so be gentle!)

Oh, and when running VirtumundoBeGone v1.5 in safe mode, I tried Firefox and it was searching fine. I suspect something is blocking Firefox searching - Kaspersky or Spybot teatimer maybe but i cannot work it out.

Any help would be greatly appreciated.

Regards

Rik
  • 0

Advertisements


#2
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there Rix,

Sorry for the delay, we have so many logs that we just can't keep up with them all and some inevitably slip through the cracks.

Please take note of the following points.
  • Please keep in mind that there may be a time difference between us, If you are not in the GMT +1 time zone, than you can expect a slight delay.
  • Please do not run any tools other than what I request of you to run. Some of the tools we will use are very powerful, and using them without the required knowledge could cause more damage and prove to be more troublesome than the problem you are currently facing.
  • If at any time you have a doubt about what you are to do, please stop there and ask. No question is considered dumb here at GeeksToGo!.


We need to see what is going on with your PC so please do the following for me. :)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a seperate reply.
  • 0

#3
rik.smithson

rik.smithson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Mike, thanks for replying - I can see you guys are busy!

logs as requested:

MAIN

Deckard's System Scanner v20071014.68
Run by Rik Smithson on 2008-06-08 17:57:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-08 16:57:19 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-06-04 21:51:07 UTC - RP3 - Installed Java Runtime Environment
2: 2008-06-04 21:45:25 UTC - RP2 - Installed Java™ 6 Update 6
1: 2008-06-03 18:32:16 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 10.49 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-08 17:59:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ACD Systems\DevDetect\DevDetect.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\kmw_show.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Garmin\gStart.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\20g drive\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Documents and Settings\Rik Smithson\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AFA398DE-854E-4A52-AF1D-F7324AFD62B8} - C:\WINDOWS\system32\vtUlLFwV.dll (file missing)
O2 - BHO: (no name) - {BD962BAB-F429-460F-805B-B137087AB623} - C:\WINDOWS\system32\ddcCRKAP.dll (file missing)
O2 - BHO: IEHlprObjClass - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Kensington\MouseWorks\IE_SPY.DLL (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\20g drive\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigit....Downloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager...unttracking.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_06) - http://javadl.sun.co...?BundleId=21871
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://secure.sunter...ads/svideo3.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0AB6EBEB-47CA-45F6-92D9-B2782D14D3C3}: NameServer = 216.104.64.5,216.104.72.5
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: ddcCRKAP - C:\WINDOWS\system32\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUPnPRenderer - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe


--
End of file - 10879 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>

S3 BVRPMPR5 (BVRPMPR5 NDIS Protocol Driver) - d:\instal~e\core\bvrpmpr5.sys (file missing)
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 USBAAPL (Apple Mobile USB Driver) - c:\windows\system32\drivers\usbaapl.sys <Not Verified; Apple, Inc.; Apple Mobile Device USB Driver>
S3 vsdatant - c:\windows\system32\vsdatant.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\windows\system32\acs.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR 108 Mbps Wireless PCI Adapter WG311T
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\3&13C0B0C5&0&68
Manufacturer: NETGEAR, Inc.
Name: NETGEAR 108 Mbps Wireless PCI Adapter WG311T #4
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_5A001385&REV_01\3&13C0B0C5&0&68
Service: AR5211


-- Scheduled Tasks -------------------------------------------------------------

2008-06-08 16:00:03 380 --a------ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
2008-05-26 12:06:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-08 and 2008-06-08 -----------------------------

2008-06-08 15:35:42 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-04 21:58:44 0 d-------- C:\WINDOWS\CSC
2008-06-04 21:28:55 0 d-------- C:\VundoFix Backups
2008-06-04 21:27:25 214528 --a------ C:\VundoFix.exe <Not Verified; Atribune.org; VundoFix>
2008-06-03 18:10:14 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-03 18:04:52 50688 --a------ C:\ATF-Cleaner.exe <Not Verified; Atribune.org; ATF Cleaner>
2008-05-28 21:42:04 691545 --a------ C:\WINDOWS\unins000.exe
2008-05-28 21:42:04 2547 --a------ C:\WINDOWS\unins000.dat
2008-05-28 21:29:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-26 17:30:33 0 d-------- C:\Program Files\Lavasoft
2008-05-26 17:30:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-26 17:07:21 2560 --a------ C:\WINDOWS\system32\myxnqagt.exe
2008-05-26 12:04:16 2560 --a------ C:\WINDOWS\system32\aiyfrfqk.exe
2008-05-26 11:59:05 134144 --a------ C:\WINDOWS\system32\uctrqxgw.dll
2008-05-26 11:55:29 124928 --a------ C:\WINDOWS\system32\phiwkhqi.dll
2008-05-24 11:03:22 2560 --a------ C:\WINDOWS\system32\pdrcysab.exe
2008-05-24 11:00:22 136192 --a------ C:\WINDOWS\system32\kqhkxpqu.dll
2008-05-24 10:57:22 92160 --a------ C:\WINDOWS\system32\vhtqenre.dll
2008-05-23 12:03:24 2560 --a------ C:\WINDOWS\system32\iytqapyy.exe
2008-05-23 10:57:24 92160 --a------ C:\WINDOWS\system32\hnmtkoxv.dll
2008-05-22 23:18:21 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-22 23:18:21 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-22 23:18:21 15352096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-22 23:13:32 48416 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-22 23:13:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-22 22:48:10 570446 --ahs---- C:\WINDOWS\system32\VwFLlUtv.ini2


-- Find3M Report ---------------------------------------------------------------

2008-06-04 23:54:14 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-04 22:49:16 0 d-------- C:\Program Files\Java
2008-06-04 21:37:57 0 d-------- C:\Program Files\PowerISO
2008-05-28 23:28:51 0 d-------- C:\Program Files\Common Files
2008-05-28 21:18:29 0 d-------- C:\Program Files\Shockwave.com
2008-05-26 17:29:45 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 23:13:31 0 d-------- C:\Program Files\Kaspersky Lab
2008-05-22 22:39:13 0 d-------- C:\Documents and Settings\Rik Smithson\Application Data\Azureus
2008-05-18 16:09:08 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-05-18 15:52:39 0 d-------- C:\Program Files\Apple Software Update
2008-05-12 21:55:37 0 d-------- C:\Program Files\iTunes
2008-05-12 21:55:31 0 d-------- C:\Program Files\iPod
2008-05-12 21:47:41 0 d-------- C:\Program Files\QuickTime
2008-05-02 07:42:23 0 d-------- C:\Program Files\Azureus
2008-04-20 15:30:06 0 d-------- C:\Program Files\Yahoo!
2008-04-19 10:59:29 0 d-------- C:\Documents and Settings\Rik Smithson\Application Data\Help
2008-04-10 21:47:41 0 d-------- C:\Program Files\Karndean International


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFA398DE-854E-4A52-AF1D-F7324AFD62B8}]
C:\WINDOWS\system32\vtUlLFwV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD962BAB-F429-460F-805B-B137087AB623}]
C:\WINDOWS\system32\ddcCRKAP.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [12/11/2004 18:24]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28]
"SoundMan"="SOUNDMAN.EXE" [22/12/2004 10:09 C:\WINDOWS\SOUNDMAN.EXE]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [19/09/2005 16:29]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [19/09/2005 16:53]
"MSWheel"="" []
"kmw_run.exe"="kmw_run.exe" [27/05/2003 14:48 C:\WINDOWS\system32\kmw_run.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [14/09/2006 21:09]
"Cmaudio"="cmicnfg.cpl" []
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [09/12/2002 15:35]
"kgsystray"="C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/05/2005 23:12]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 14:10]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [08/02/2008 18:36]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 17:24]
"gStart"="C:\Garmin\gStart.exe" [25/07/2005 10:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 06:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]
"PopUpStopperFreeEdition"="C:\20g drive\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [29/04/2003 11:40]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [09/11/2007 14:16]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [21/02/2006 20:17:47]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/05/2005 23:23:26]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [12/05/2005 00:49:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [09/05/2005 11:47:22]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [19/02/2006 14:22:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{BD962BAB-F429-460F-805B-B137087AB623}"= C:\WINDOWS\system32\ddcCRKAP.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCRKAP]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUlLFwV

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8554 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-08 18:01:31 ------------

EXTRA

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 1023.48 MiB / 533.84 MiB
Pagefile Memory (total/avail): 3229.1 MiB / 2804.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 76.69 GiB total, 10.48 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 152.66 GiB total, 64.44 GiB free.
F: is CDROM (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ExcelStor Technology J880 - 76.69 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 76.69 GiB - C:

\\.\PHYSICALDRIVE1 - Maxtor 6 L160M0 SCSI Disk Device - 152.66 GiB - 1 partition
\PARTITION0 - Installable File System - 152.66 GiB - E:

\\.\PHYSICALDRIVE2 - VIA-P VT6205-DevB USB Device

\\.\PHYSICALDRIVE3 - VIA-P VT6205-DevM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Kaspersky Anti-Virus v7.0.1.325 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
"C:\\kav\\kav7.0\\english\\setup.exe"="C:\\kav\\kav7.0\\english\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rik Smithson\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RIKPC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rik Smithson
LOGONSERVER=\\RIKPC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RIKSMI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RIKSMI~1\LOCALS~1\Temp
USERDOMAIN=RIKPC
USERNAME=Rik Smithson
USERPROFILE=C:\Documents and Settings\Rik Smithson
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Rik Smithson (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Ableton Live v5.0.3 --> C:\PROGRA~1\Ableton\LIVE50~1.3\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE50~1.3\INSTALL.LOG
ACD PhotoStitcher --> MsiExec.exe /I{306F0DE6-CB05-4D35-A71A-1F30AF009FE4}
ACDSee 3.1 (SR-1) --> MsiExec.exe /I{047882CA-975E-41FC-BE02-6D6396106C4E}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop 6.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
AGEIA PhysX v2.4.4 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.4 --> "C:\Program Files\Audacity\unins000.exe"
Azureus --> C:\Program Files\Azureus\Uninstall.exe
Baldur's Gate --> C:\WINDOWS\IsUninst.exe -fe:\media\programs\Uninst.isu
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
Combat Mission --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD1DC860-2B0A-11D4-BD2E-00500480A380}\Setup.exe"
Combat Mission 2 --> C:\PROGRA~1\COMBAT~1\UNWISE.EXE C:\PROGRA~1\COMBAT~1\INSTALL.LOG
Combat Mission 3 Afrika Korps --> C:\PROGRA~1\COMBAT~2\UNINST~1\UNWISE.EXE C:\PROGRA~1\COMBAT~2\UNINST~1\INSTALL.LOG
Combat Mission Shock Force Demo (v1.02) --> "C:\Program Files\Battlefront\Combat Mission Shock Force Demo\unins000.exe"
DVD X Player 4.0 Professional --> "C:\Program Files\DVD X Studios\DVD X Player 4.0 Professional\unins000.exe"
Financial Protection (CF3) --> C:\WINDOWS\uninst.exe -fc:\PROGRA~1\CII\CF3\DeIsL1.isu
Flashpoint uninstall --> C:\Program Files\Codemasters\UnInstall.exe
FloorStyle --> MsiExec.exe /I{124624A3-6D69-4177-B064-052EB4617CF1}
FLV Player 1.3.3 --> "C:\Program Files\FLVPlayer\uninstall.exe"
Garmin Training Center v4 --> MsiExec.exe /X{DE659AC8-EEF0-4115-AA0C-6500D194FB10}
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
HP Deskjet 5900 series --> C:\Program Files\HP\Digital Imaging\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Image Zone 5.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iPod Video Converter 3 --> C:\Program Files\Xilisoft\iPod Video Converter 3\Uninstall.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 1.52 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kensington MouseWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57764780-E33B-11D1-96ED-00A024A83A15}\Setup.exe" -u
LimeWire 4.14.12 --> "C:\Program Files\LimeWire\uninstall.exe"
MaxDrive PS2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Datel\MaxDrive PS2\Uninst.isu"
Microsoft Combat Flight Simulator --> "E:\Media\Programs\UNINSTAL.EXE" /runtemp
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Mig Alley 1.1 --> C:\rowan\mig\UNWISE.EXE C:\rowan\mig\INSTALL.LOG
MixMeister Fusion Demo --> MsiExec.exe /I{DA55E50A-8DE2-4AE2-AA81-E701E3EE23FD}
MotionBased Agent --> MsiExec.exe /I{70C4EFA5-F8B8-4015-9378-FCAA9000DF19}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
Nero - Burning Rom --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ahead\Nero\DeIsL1.isu"
NETGEAR Wireless Adapter WG311T --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FC321AD2-48B4-4013-B997-A65D5FBBD006}
Nokia Connectivity Cable Driver --> MsiExec.exe /X{74C5EA04-AF1E-45B2-949B-4841EE949C40}
Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia N73 highlights --> MsiExec.exe /I{02B71D92-A84B-4DFB-9A10-D12BB01AC1F2}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{FCD8DCE6-94C8-4FF6-8E3E-D3C96A5A707E}\Nokia_PC_Suite_rel_6_85_12_0_eng.exe
Nokia PC Suite --> MsiExec.exe /I{FCD8DCE6-94C8-4FF6-8E3E-D3C96A5A707E}
Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
PC Connectivity Solution --> MsiExec.exe /I{73284F36-E17E-44B0-85E2-F0336A6E749F}
PENTAX USB DISK Device --> MsiExec.exe /X{AEE9ABDF-CFFD-4CC2-8519-E8ECEB5A2AAF}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Roxio Easy Media Creator 8 Suite --> MsiExec.exe /I{868901EE-7807-4F89-A134-7C705D34F91F}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
The scenery SS_Catch uses --> C:\Program Files\Microsoft Games\Combat Flight Simulator\Uninstal.exe
Tom Clancy's Rainbow Six 3: Raven Shield --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF131494-F5D8-45C5-938C-D5F020CF1B0D}\setup.exe" -l0x9
ubi.com --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}\Setup.exe" -l0x9 UNINSTALL-L0x9 -uninst
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VideoEgg Publisher --> C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Uninstall.exe
Videora iPod Converter 2.07 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/05/2007 6.85.35.3) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_4B5D882780830B9245673D197146B7FF82A23CFB\pccswpddriver.inf
Windows Driver Package - Nokia Modem (08/03/2007 3.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_05A76228EE0EF20D8B64523AD40E95C8F09D6988\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type7955 / Error
Event Submitted/Written: 06/08/2008 04:50:55 PM
Event ID/Source: 439 / ESENT
Event Description:
Catalog Database (1300) Unable to write a shadowed header for file C:\WINDOWS\system32\CatRoot2\edb.chk. Error -1032.

Event Record #/Type7954 / Error
Event Submitted/Written: 06/08/2008 04:50:55 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (1300) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\edb.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type7904 / Error
Event Submitted/Written: 06/03/2008 09:57:30 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type7895 / Error
Event Submitted/Written: 06/03/2008 08:56:27 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (1464) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Event Record #/Type7894 / Error
Event Submitted/Written: 06/03/2008 08:56:26 PM
Event ID/Source: 490 / ESENT
Event Description:
svchost (1464) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type181901 / Error
Event Submitted/Written: 06/08/2008 05:57:15 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk0\D.

Event Record #/Type181900 / Error
Event Submitted/Written: 06/08/2008 05:57:12 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk0\D.

Event Record #/Type181860 / Error
Event Submitted/Written: 06/08/2008 05:30:00 PM
Event ID/Source: 11 / Disk
Event Description:
The driver detected a controller error on \Device\Harddisk0\D.

Event Record #/Type181856 / Error
Event Submitted/Written: 06/08/2008 05:29:09 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register with DCOM within the required timeout.

Event Record #/Type181826 / Warning
Event Submitted/Written: 06/08/2008 05:24:38 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00024492C8DD. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-06-08 18:01:31 ------------
  • 0

#4
rik.smithson

rik.smithson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
A quick update of events since my first posting:

•Virtumonde and obfuscated came back and were detected and disinfected by Kaspersky

•I managed to get Firefox searching ok today when i opened it before Kaspersky had a chance to start up - it must be Kas that was blocking it somehow

•IE still has annoying pop-ups

Cheers for looking into this

rik
  • 0

#5
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi again rik,

You still have a few baddies on your computer.

Please follow my instructions in the order they were given, if you come across something you don't understand or don't feel comfortable doing, don't hesitate to ask and I will get you sorted out :)
If you cannot complete a step in my instructions, please skip it and continue with the rest of my instructions and tell me in your next reply which one you were having trouble with.

Preparation

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Please go to add or remove programs and uninstall the following:

J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3 --> MsiExec.exe
Java™ SE Runtime Environment 6 Update 1
Viewpoint Manager (Remove Only)
Viewpoint Media Player


Running Combofix

Please go here to install the recovery console and for a guide on using combofix.

Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, please don't overlook this!

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#6
rik.smithson

rik.smithson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Mike, thanks again for your help with this

Combofix log

ComboFix 08-06-08.8 - Rik Smithson 2008-06-09 18:22:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.567 [GMT 1:00]
Running from: C:\Documents and Settings\Rik Smithson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rik Smithson\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM9f979c33.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aiyfrfqk.exe
C:\WINDOWS\system32\cncsoeby.ini
C:\WINDOWS\system32\cnkhdilc.ini
C:\WINDOWS\system32\iytqapyy.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\myxnqagt.exe
C:\WINDOWS\system32\nbtxcbkb.ini
C:\WINDOWS\system32\pdrcysab.exe
C:\WINDOWS\system32\VwFLlUtv.ini
C:\WINDOWS\system32\VwFLlUtv.ini2
C:\WINDOWS\system32\yphkvqsd.ini

.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.

2008-06-09 17:51 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-08 17:56 . 2008-06-08 17:56 <DIR> d-------- C:\Deckard
2008-06-08 16:32 . 2008-06-08 16:32 25,418 --a------ C:\kasp.html
2008-06-08 15:41 . 2008-06-08 15:41 401,720 --a------ C:\HiJackThis.exe
2008-06-08 15:35 . 2008-06-08 15:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-04 21:28 . 2008-06-04 21:45 <DIR> d-------- C:\VundoFix Backups
2008-06-04 21:27 . 2008-06-04 21:27 214,528 --a------ C:\VundoFix.exe
2008-06-03 19:29 . 2008-06-03 19:28 5,840,544 --a------ C:\Firefox Setup 2.0.0.14.exe
2008-06-03 18:10 . 2008-06-03 18:10 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-03 18:04 . 2008-06-03 18:04 50,688 --a------ C:\ATF-Cleaner.exe
2008-05-28 21:42 . 2008-05-28 21:36 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-28 21:42 . 2008-05-28 21:42 2,547 --a------ C:\WINDOWS\unins000.dat
2008-05-28 21:29 . 2008-05-28 21:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 21:29 . 2008-05-28 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-26 17:30 . 2008-05-26 17:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-26 17:30 . 2008-05-26 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-26 17:27 . 2008-05-26 17:27 19,153,264 --a------ C:\aaw2008.exe
2008-05-26 12:02 . 2008-05-26 12:02 1,402,533 --ahs---- C:\WINDOWS\system32\dopfecoa.tmp
2008-05-22 23:18 . 2008-06-09 18:33 15,522,336 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-22 23:18 . 2008-06-09 18:29 212,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-22 23:18 . 2008-05-28 18:48 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-22 23:18 . 2008-06-01 20:16 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-22 23:13 . 2008-06-09 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-22 23:13 . 2008-06-09 18:30 65,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-22 23:13 . 2008-06-09 18:29 7,172 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 22:18 . 2008-06-09 18:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-12 22:18 . 2008-05-12 22:18 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 17:30 7,304 ----a-w C:\WINDOWS\TMP0001.TMP
2008-06-09 17:30 --------- d-----w C:\Program Files\Viewpoint
2008-06-09 16:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-09 16:55 --------- d-----w C:\Program Files\Java
2008-06-09 16:43 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-09 06:42 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-04 20:37 --------- d-----w C:\Program Files\PowerISO
2008-05-28 20:18 --------- d-----w C:\Program Files\Shockwave.com
2008-05-28 17:48 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-26 16:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 22:13 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-22 21:39 --------- d-----w C:\Documents and Settings\Rik Smithson\Application Data\Azureus
2008-05-18 14:52 --------- d-----w C:\Program Files\Apple Software Update
2008-05-12 20:55 --------- d-----w C:\Program Files\iTunes
2008-05-12 20:55 --------- d-----w C:\Program Files\iPod
2008-05-12 20:47 --------- d-----w C:\Program Files\QuickTime
2008-05-02 06:42 --------- d-----w C:\Program Files\Azureus
2008-04-29 10:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 10:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 10:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-20 14:30 --------- d-----w C:\Program Files\Yahoo!
2008-04-10 20:47 --------- d-----w C:\Program Files\Karndean International
2007-09-06 19:40 40,312 ----a-w C:\Documents and Settings\Rik Smithson\Application Data\GDIPFONTCACHEV1.DAT
2005-04-06 10:55 456,384 ----a-w C:\WINDOWS\inf\WG311T\WG311T13.sys
2004-10-19 18:58 35,232 ----a-w C:\WINDOWS\inf\WG311T\ME_INST.EXE
2004-10-19 18:58 26,112 ----a-w C:\WINDOWS\inf\WG311T\install.exe
2005-05-13 17:12 217,073 --sha-w C:\WINDOWS\meta4.exe
2005-10-24 11:13 66,560 --sha-w C:\WINDOWS\MOTA113.exe
2005-10-13 21:27 422,400 --sha-w C:\WINDOWS\x2.64.exe
2005-10-07 19:14 308,224 --sha-w C:\WINDOWS\system32\avisynth.dll
2005-07-14 12:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 15:32 616,448 --sha-w C:\WINDOWS\system32\cygwin1.dll
2005-06-21 22:37 45,568 --sha-w C:\WINDOWS\system32\cygz.dll
2004-01-25 00:00 70,656 --sha-w C:\WINDOWS\system32\i420vfw.dll
2006-04-27 10:24 2,945,024 --sha-w C:\WINDOWS\system32\Smab.dll
2005-02-28 13:16 240,128 --sha-w C:\WINDOWS\system32\x.264.exe
2004-01-25 00:00 70,656 --sha-w C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFA398DE-854E-4A52-AF1D-F7324AFD62B8}]
C:\WINDOWS\system32\vtUlLFwV.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD962BAB-F429-460F-805B-B137087AB623}]
C:\WINDOWS\system32\ddcCRKAP.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"gStart"="C:\Garmin\gStart.exe" [2005-07-25 10:05 1896448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"PopUpStopperFreeEdition"="C:\20g drive\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2003-04-29 11:40 524288]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-11-09 14:16 688128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [ ]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 16:29 163840]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 16:53 1687552]
"MSWheel"="" []
"kmw_run.exe"="kmw_run.exe" [2003-05-27 14:48 106496 C:\WINDOWS\system32\kmw_run.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]
"Cmaudio"="cmicnfg.cpl" []
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2002-12-09 15:35 208896]
"kgsystray"="C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36 227856]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 06:56 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-21 20:17:47 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2005-05-09 11:47:22 4517888]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-02-19 14:22:30 585728]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BD962BAB-F429-460F-805B-B137087AB623}"= C:\WINDOWS\system32\ddcCRKAP.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCRKAP]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2005-11-30 11:43]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [2003-05-27 14:58]
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2003-05-27 14:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 11:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-09 03:00:02 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 18:31:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\kmw_show.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2008-06-09 18:41:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 17:41:04

Pre-Run: 11,108,827,136 bytes free
Post-Run: 11,063,918,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

210 --- E O F --- 2008-05-18 21:12:51


Hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:19, on 09/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Garmin\gStart.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\20g drive\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rik Smithson\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AFA398DE-854E-4A52-AF1D-F7324AFD62B8} - C:\WINDOWS\system32\vtUlLFwV.dll (file missing)
O2 - BHO: (no name) - {BD962BAB-F429-460F-805B-B137087AB623} - C:\WINDOWS\system32\ddcCRKAP.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [kgsystray] C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\20g drive\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.ca
O16 - DPF: {04CC2CE2-BBC4-43B6-96D6-E1C3E0BA120F} (HMVDownloader Control) - https://www.hmvdigit....Downloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager...unttracking.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ad...ash/swflash.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://secure.sunter...ads/svideo3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AB6EBEB-47CA-45F6-92D9-B2782D14D3C3}: NameServer = 216.104.64.5,216.104.72.5
O20 - Winlogon Notify: ddcCRKAP - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe

--
End of file - 10283 bytes
  • 0

#7
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi again :)

Making a CFScript

Please click Start then Run, in the window appears type in Notepad.exe.
Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the notepad window:
DirLook::
C:\WINDOWS\system32\GroupPolicy

File::
C:\WINDOWS\unins000.exe
C:\WINDOWS\unins000.dat
C:\WINDOWS\system32\dopfecoa.tmp
 C:\WINDOWS\TMP0001.TMP
C:\WINDOWS\system32\vtUlLFwV.dll
C:\WINDOWS\system32\ddcCRKAP.dll

Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFA398DE-854E-4A52-AF1D-F7324AFD62B8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BD962BAB-F429-460F-805B-B137087AB623}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ViewMgr"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{BD962BAB-F429-460F-805B-B137087AB623}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcCRKAP]
Now in Notepad, go to File and in the menu that drops down click on Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
Posted Image

After that please reboot your computer if it asks you to and post ComboFix.txt (the report the ComboFix will generate) in your next reply.
  • 0

#8
rik.smithson

rik.smithson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Mike

The first time I dragged the created file and ran combofix, it got to the point of generating the log file but explorer disappeared so I could not post the file. I re-ran as per the instruction and here is the resulting file:

ComboFix 08-06-08.8 - Rik Smithson 2008-06-10 18:48:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.613 [GMT 1:00]
Running from: C:\Documents and Settings\Rik Smithson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rik Smithson\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\ddcCRKAP.dll
C:\WINDOWS\system32\dopfecoa.tmp
C:\WINDOWS\system32\vtUlLFwV.dll
C:\WINDOWS\TMP0001.TMP
C:\WINDOWS\unins000.dat
C:\WINDOWS\unins000.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\TMP0001.TMP

.
((((((((((((((((((((((((( Files Created from 2008-05-10 to 2008-06-10 )))))))))))))))))))))))))))))))
.

2008-06-09 17:51 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-08 17:56 . 2008-06-08 17:56 <DIR> d-------- C:\Deckard
2008-06-08 16:32 . 2008-06-08 16:32 25,418 --a------ C:\kasp.html
2008-06-08 15:35 . 2008-06-08 15:35 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-04 21:28 . 2008-06-04 21:45 <DIR> d-------- C:\VundoFix Backups
2008-06-04 21:27 . 2008-06-04 21:27 214,528 --a------ C:\VundoFix.exe
2008-06-03 19:29 . 2008-06-03 19:28 5,840,544 --a------ C:\Firefox Setup 2.0.0.14.exe
2008-06-03 18:10 . 2008-06-03 18:10 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-06-03 18:04 . 2008-06-03 18:04 50,688 --a------ C:\ATF-Cleaner.exe
2008-05-28 21:29 . 2008-05-28 21:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-28 21:29 . 2008-05-28 23:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-26 17:30 . 2008-05-26 17:30 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-26 17:30 . 2008-05-26 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-26 17:27 . 2008-05-26 17:27 19,153,264 --a------ C:\aaw2008.exe
2008-05-22 23:18 . 2008-06-10 18:31 15,726,624 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-22 23:18 . 2008-06-10 18:27 214,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-22 23:18 . 2008-05-28 18:48 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-22 23:18 . 2008-06-01 20:16 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-22 23:13 . 2008-06-10 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-22 23:13 . 2008-06-10 18:53 72,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-22 23:13 . 2008-06-10 18:27 7,700 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-12 22:18 . 2008-06-10 18:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-12 22:18 . 2008-05-12 22:18 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 16:57 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-09 16:55 --------- d-----w C:\Program Files\Java
2008-06-09 06:42 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-04 20:37 --------- d-----w C:\Program Files\PowerISO
2008-05-28 20:18 --------- d-----w C:\Program Files\Shockwave.com
2008-05-28 17:48 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-26 16:29 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-22 22:13 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-22 21:39 --------- d-----w C:\Documents and Settings\Rik Smithson\Application Data\Azureus
2008-05-18 14:52 --------- d-----w C:\Program Files\Apple Software Update
2008-05-12 20:55 --------- d-----w C:\Program Files\iTunes
2008-05-12 20:55 --------- d-----w C:\Program Files\iPod
2008-05-12 20:47 --------- d-----w C:\Program Files\QuickTime
2008-05-02 06:42 --------- d-----w C:\Program Files\Azureus
2008-04-29 10:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 10:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 10:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-20 14:30 --------- d-----w C:\Program Files\Yahoo!
2008-04-10 20:47 --------- d-----w C:\Program Files\Karndean International
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2007-09-06 19:40 40,312 ----a-w C:\Documents and Settings\Rik Smithson\Application Data\GDIPFONTCACHEV1.DAT
2005-04-06 10:55 456,384 ----a-w C:\WINDOWS\inf\WG311T\WG311T13.sys
2004-10-19 18:58 35,232 ----a-w C:\WINDOWS\inf\WG311T\ME_INST.EXE
2004-10-19 18:58 26,112 ----a-w C:\WINDOWS\inf\WG311T\install.exe
2005-05-13 17:12 217,073 --sha-w C:\WINDOWS\meta4.exe
2005-10-24 11:13 66,560 --sha-w C:\WINDOWS\MOTA113.exe
2005-10-13 21:27 422,400 --sha-w C:\WINDOWS\x2.64.exe
2005-10-07 19:14 308,224 --sha-w C:\WINDOWS\system32\avisynth.dll
2005-07-14 12:31 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 15:32 616,448 --sha-w C:\WINDOWS\system32\cygwin1.dll
2005-06-21 22:37 45,568 --sha-w C:\WINDOWS\system32\cygz.dll
2004-01-25 00:00 70,656 --sha-w C:\WINDOWS\system32\i420vfw.dll
2006-04-27 10:24 2,945,024 --sha-w C:\WINDOWS\system32\Smab.dll
2005-02-28 13:16 240,128 --sha-w C:\WINDOWS\system32\x.264.exe
2004-01-25 00:00 70,656 --sha-w C:\WINDOWS\system32\yv12vfw.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\GroupPolicy ----

2008-06-03 18:10 81 ---h----- C:\WINDOWS\system32\GroupPolicy\Adm\admfiles.ini
2008-06-03 18:10 38 --a------ C:\WINDOWS\system32\GroupPolicy\gpt.ini
2007-07-30 19:02 50726 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\wuau.adm
2005-01-28 14:44 67456 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\wmplayer.adm
2004-07-24 03:44 1431144 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\inetres.adm
2004-07-18 04:54 1744202 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\system.adm
2004-07-17 17:42 40282 --a------ C:\WINDOWS\system32\GroupPolicy\Adm\conf.adm


((((((((((((((((((((((((((((( [email protected]_18.40.32.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-09 17:30:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-10 17:41:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"gStart"="C:\Garmin\gStart.exe" [2005-07-25 10:05 1896448]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56 15360]
"PopUpStopperFreeEdition"="C:\20g drive\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" [2003-04-29 11:40 524288]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-11-09 14:16 688128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 16:29 163840]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 16:53 1687552]
"MSWheel"="" []
"kmw_run.exe"="kmw_run.exe" [2003-05-27 14:48 106496 C:\WINDOWS\system32\kmw_run.exe]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592]
"Cmaudio"="cmicnfg.cpl" []
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2002-12-09 15:35 208896]
"kgsystray"="C:\Program Files\Kuma Games\kgsystray\Kuma_tray.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 06:56 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-02-21 20:17:47 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
NETGEAR WG311T Wireless Assistant.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2005-05-09 11:47:22 4517888]
VIA RAID TOOL.lnk - C:\Program Files\VIA\RAID\raid_tool.exe [2006-02-19 14:22:30 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
"C:\\kav\\kav7.0\\english\\setup.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=

R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe [2005-11-30 11:43]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [2003-05-27 14:58]
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2003-05-27 14:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 11:06:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-09 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 18:54:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-10 18:57:35
ComboFix-quarantined-files.txt 2008-06-10 17:56:31
ComboFix2.txt 2008-06-10 17:15:48
ComboFix3.txt 2008-06-09 17:41:18

Pre-Run: 11,062,140,928 bytes free
Post-Run: 11,048,128,512 bytes free

179 --- E O F --- 2008-05-18 21:12:51
  • 0

#9
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Your logs look good,

Let's sweep for stray entries and do one more thorough scan to see if we have any stragglers.

Step 1. Running ATF Cleaner

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2. Running MalwareByte's Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Step 3. Running Kaspersky Online Virusscaner

Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.
  • 0

#10
rik.smithson

rik.smithson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi

I've just come back to my PC and whilst I've been away Kaspersky detected a trojan:


10/06/2008 19:35:27 File C:\System Volume Information\_restore{555B6D3E-0C5A-49C1-AF7D-56DE87697D17}\RP3\A0000216.dll: detected: Trojan program 'Trojan.Win32.Monder.gen'. User: MSHOME\RIKPC$, computer: localhost.

I'll run through your latest guidance now and post the results.

rik
  • 0

Advertisements


#11
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
That won't change the plan :)

It's located in your system restore and can't harm your computer now, although we will be getting rid of it anyways later on.

I'll wait for the logs.
  • 0

#12
rik.smithson

rik.smithson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi, I think the Kaspersky scanner is going to run all night. In the meantime here is the MBAM log

Malwarebytes' Anti-Malware 1.17
Database version: 846

21:44:29 10/06/2008
mbam-log-6-10-2008 (21-44-29).txt

Scan type: Quick Scan
Objects scanned: 39203
Time elapsed: 26 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 275

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{514a5c49-0c7d-42c3-a71b-38864a269b7a} (Trojan.Vundo) -> Quarantined and deleted successfully.
\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rik Smithson\Application Data\VideoEgg\Publisher\4520\res

Edited by rik.smithson, 10 June 2008 - 04:39 PM.

  • 0

#13
rik.smithson

rik.smithson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The Kaspersky on-line scan dod not find any malware - ace!
  • 0

#14
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there your logs look clean :)

Step 1. Removing ComboFix

Click START then RUN
Now type Combofix /u in the runbox and click OK
Posted Image
Notice the space between the x and / -- That needs to be there.

Now please download OTCleanIt.
  • Save it to your desktop.
  • Double Click on OTCleanIt.exe, a window will appear.
  • Please press the CleanUp! Button.
This will remove the tools we used during the process of cleaning your computer.

Step 2. Configuring Automatic Updates

Click the Automatic Updates tab. Choose the update option that best suits your needs, but be sure that Automatic Updates is not turned off. Windows XP will now notify you and download important updates and security patches as they become available.
Click "OK" to save your new settings and close the System Properties dialogue.

Step 3. Preventing future infection

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
http://www.spywarewa...uc/resource.htm

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.o...oducts/firefox/

Also make sure to run your antivirus software regularly, and to keep it up-to-date.

There are many programs that can be used for your protection, most falling within the three main categories of anti-virus, anti-spyware and firewall. Please be careful to never run more than one program of the same category in resident mode, as conflicts between the different programs can actually decrease your protection.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :)

Please post back and tell me if everything is OK, so that I may mark this thread as Resolved.

Edited by Mike, 11 June 2008 - 03:49 AM.

  • 0

#15
rik.smithson

rik.smithson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Mike

Hopefully that is me all sorted. I really appreciate what you have done for me here, thanks very much. I will be buying the full version of Kaspersky when it gets to pay day (which coincides with the trial running out and I have set a diary note to click your PP donate button too!

One other thing, do you have any links to a guide on removing start-up objects I no longer use? My PC really needs a good tidy up! I can start a new topic with this if you would rather.

Thanks again, you guys rock.

rik
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP