Find your solution!

dragon61651 · 20-Apr-2008, 04:51 PM #1

got this msn virus basically it sends a message saying look at this pic of me or something similar. then when you except the .rar file i thnk it is might have been .exe. then it shuts down the window and opens windows to all other online contacts, sends them this message to then shuts down the window. no other window is then able to be opened until msn is restarted.

now i did the hijack this and came up with

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:45:41, on 20/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\bootk.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Sound Station\SNXUACP.exe
C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\vmc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bebo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AC9A582-A0D4-4B9B-9295-0EA6FDA48BCB} - C:\WINDOWS\system32\efcDstQI.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6A6EAE1B-4AD6-4035-974D-504D6DBAA9C3} - C:\WINDOWS\system32\yayXRLee.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Boot K] bootk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe (User 'Default user')
O4 - Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
O4 - Global Startup: 802.11g Wireless LAN PCI Card Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sound Station.lnk = C:\Program Files\Sound Station\SNXUACP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188500080500
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{380F22F5-3F21-4A61-9B53-8506F3BA71F4}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{380F22F5-3F21-4A61-9B53-8506F3BA71F4}: NameServer = 139.7.30.125 139.7.30.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayXRLee - yayXRLee.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8565 bytes

now wat do i do next thanks

**cybertech** · 23-Apr-2008, 10:20 AM #2

Hi, Welcome to TSG!!

Please close/disable all anti-virus and anti-malware programs so they do not interfere with the running of SDFix and make sure you are disconnected from the Internet after downloading the program but before extracting the files.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with SDFix and remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Remember to re-enable the protection again afterwards before connecting to the Internet.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually
Instead of Windows loading as normal, the Advanced Options Menu should appear
Select the first option, to run Windows in Safe Mode, then press Enter
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to the clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

dragon61651 · 23-Apr-2008, 01:12 PM #3

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Key s\0009dd500772]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00 09dd500772]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update]
"OfflineDetectionPending"=dword:00000001

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enable d:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\fvke.exe"="C:\\WINDOWS\\system32\\fvke.exe:*:Enable d:ENABLE"
"C:\\Documents and Settings\\Administrator\\fvas.exe"="C:\\Documents and Settings\\Administrator\\fvas.exe:*:Enabled:ENABLE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enable d:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 20 Apr 2008 58,368 ...H. --- "C:\Documents and Settings\Administrator\fvas.exe"
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 13 Jan 2005 11,360 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Mon 12 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

that i sd fix report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:09:12, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Administrator\fvas.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sound Station\SNXUACP.exe
C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
G:\StartVMCLite.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bebo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Administrator\fvas.exe \s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [fvke] C:\WINDOWS\system32\fvke.exe \u
O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com
O4 - HKLM\..\Run: [c019151b] rundll32.exe "C:\WINDOWS\system32\fcpksofy.dll",b
O4 - HKLM\..\Run: [BMc32a2687] Rundll32.exe "C:\WINDOWS\system32\tchavwtp.dll",s
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe (User 'Default user')
O4 - Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
O4 - Global Startup: 802.11g Wireless LAN PCI Card Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sound Station.lnk = C:\Program Files\Sound Station\SNXUACP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188500080500
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7629 bytes

and thats the hijack this report

thanks steve

**cybertech** · 23-Apr-2008, 01:35 PM #4

Please visit this webpage for instructions on installing recovery console and downloading/running ComboFix.

Post the log from ComboFix along with a new HijackThis log.

dragon61651 · 23-Apr-2008, 03:56 PM #5

ComboFix 08-04-22.5 - Administrator 2008-04-23 20:26:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.263 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bsqrrysg.dll
C:\WINDOWS\system32\CLVwyGgh.ini2
C:\WINDOWS\system32\fccdbBrR.dll
C:\WINDOWS\system32\fcpksofy.dll
C:\WINDOWS\system32\gykucsmx.dll
C:\WINDOWS\system32\ildluvue.dll
C:\WINDOWS\system32\IQtsDcfe.ini
C:\WINDOWS\system32\IQtsDcfe.ini2
C:\WINDOWS\system32\ltjtkqtl.ini
C:\WINDOWS\system32\ltqktjtl.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\RrBbdccf.ini
C:\WINDOWS\system32\RrBbdccf.ini2
C:\WINDOWS\system32\ssqOICSi.dll
C:\WINDOWS\system32\tchavwtp.dll
C:\WINDOWS\system32\ugyqqxcf.dll
C:\WINDOWS\system32\vtUkkijJ.dll
C:\WINDOWS\system32\wayayGgh.ini2
C:\WINDOWS\system32\wgdxpwfq.dll
C:\WINDOWS\system32\yayxwVMg.dll
C:\WINDOWS\system32\yfoskpcf.ini
C:\WINDOWS\system32\yyfknvdi.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-23 20:26 . 2008-04-23 20:26 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-23 18:08 . 2008-04-23 18:08 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-04-23 17:50 . 2008-04-23 17:50 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-23 17:41 . 2008-04-23 18:08 <DIR> d-------- C:\SDFix
2008-04-23 15:04 . 2008-04-23 15:04 491,520 --a------ C:\WINDOWS\~DF4115.tmp
2008-04-23 13:10 . 2008-04-23 15:03 <DIR> d-------- C:\_OTMoveIt
2008-04-22 15:29 . 2008-04-23 16:45 1,541,527 --ahs---- C:\WINDOWS\system32\lawsccdg.ini
2008-04-22 15:06 . 2008-04-22 15:07 491,520 --a------ C:\WINDOWS\~DFCD27.tmp
2008-04-21 20:23 . 2008-04-21 20:23 2,112 --a------ C:\Documents and Settings\Administrator\Application Data\update.log
2008-04-21 20:18 . 2008-04-21 20:18 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\systemerrorfixer
2008-04-21 20:17 . 2008-04-21 21:17 <DIR> d-------- C:\Program Files\SystemErrorFixer
2008-04-21 20:17 . 2008-04-21 20:17 <DIR> d-------- C:\Program Files\Common Files\SystemErrorFixer
2008-04-21 15:27 . 2008-04-23 14:59 <DIR> d-------- C:\MSNCleaner
2008-04-21 15:23 . 2008-04-22 15:23 1,541,269 --ahs---- C:\WINDOWS\system32\qoggwvdq.ini
2008-04-20 21:59 . 2008-04-20 21:59 58,368 --a------ C:\WINDOWS\system32\fvke.exe
2008-04-20 21:59 . 2008-04-20 21:59 58,368 ---h----- C:\Documents and Settings\Administrator\fvas.exe
2008-04-20 21:28 . 2008-04-20 21:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 20:40 . 2008-04-20 20:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-20 18:46 . 2008-04-20 20:39 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-20 15:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-20 15:35 . 2008-04-20 15:36 <DIR> d-------- C:\Program Files\Java
2008-04-20 15:34 . 2008-04-20 15:34 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-20 15:10 . 2008-04-20 17:08 414 --ahs---- C:\WINDOWS\system32\btjqglfe.ini
2008-04-20 10:57 . 2008-04-23 14:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-04-20 10:41 . 2008-04-20 15:31 <DIR> d-------- C:\Program Files\LimeWire
2008-04-20 10:34 . 2008-04-23 20:21 109,786 --a------ C:\WINDOWS\BMc32a2687.xml
2008-04-20 08:59 . 2008-04-20 08:59 <DIR> d-------- C:\Program Files\ParetoLogic
2008-04-20 08:59 . 2008-04-20 08:59 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-04-20 08:59 . 2008-04-20 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-04-20 08:59 . 2008-04-20 08:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
2008-04-19 15:07 . 2008-04-19 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-19 14:59 . 2008-04-20 14:01 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-19 14:58 . 2008-04-20 14:01 <DIR> d-------- C:\Program Files\McAfee
2008-04-19 14:56 . 2008-04-20 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-19 14:40 . 2008-04-20 14:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-16 20:31 . 2008-04-16 20:31 <DIR> d-------- C:\Program Files\MIKSOFT
2008-04-15 17:13 . 2008-04-15 17:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\VideoEgg
2008-04-12 20:21 . 2008-04-12 20:31 3,320 --a------ C:\WINDOWS\desctemp.dat
2008-04-12 19:34 . 2008-04-12 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-12 19:29 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-04-12 19:29 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-04-12 19:29 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-04-12 19:29 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-04-12 19:29 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-04-12 19:28 . 2008-04-12 19:28 <DIR> d-------- C:\Program Files\IVT Corporation
2008-04-11 15:58 . 2008-04-11 15:58 <DIR> d-------- C:\Program Files\Sound Station
2008-04-11 15:58 . 2003-09-18 09:21 9,874 --a------ C:\WINDOWS\system32\drivers\UAFilter.sys
2008-04-11 15:54 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-11 15:54 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-11 15:53 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-11 15:53 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-10 20:14 . 2008-04-20 10:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 19:49 . 2008-04-10 19:50 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-04-10 19:44 . 2008-04-10 19:50 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{8886169A-FE81-40A1-ABEC-74CE0C807E74}
2008-04-10 19:41 . 2008-04-10 19:41 <DIR> d-------- C:\Program Files\TotalAudioConverter
2008-04-10 19:41 . 2008-04-10 19:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Softplicity
2008-04-07 22:25 . 2008-04-07 22:27 <DIR> d-------- C:\Program Files\BitLord
2008-04-06 09:26 . 2008-04-19 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 09:12 . 2008-04-06 09:12 <DIR> d-------- C:\Program Files\CCleaner
2008-04-05 14:26 . 2008-04-05 14:26 <DIR> d-------- C:\Program Files\AC3Filter
2008-04-05 14:26 . 2007-08-09 12:27 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-04-04 18:31 . 2008-04-19 17:55 <DIR> d-------- C:\Program Files\Windows Live
2008-04-04 18:31 . 2008-04-20 14:00 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 18:31 . 2008-04-20 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-04 13:07 . 2008-04-04 13:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-04 13:07 . 2008-04-04 13:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-04 13:01 . 2008-04-04 13:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-04 08:46 . 2008-04-23 20:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 08:46 . 2008-04-04 08:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 08:45 . 2008-04-04 08:45 <DIR> d-------- C:\Program Files\iPod
2008-04-04 08:44 . 2008-04-04 08:45 <DIR> d-------- C:\Program Files\iTunes
2008-04-04 08:42 . 2008-04-04 08:43 <DIR> d-------- C:\Program Files\QuickTime
2008-04-03 18:28 . 2008-04-03 18:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Macrovision
2008-04-03 17:55 . 2007-11-05 11:56 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-04-03 17:54 . 2008-04-03 17:54 <DIR> d-------- C:\Program Files\Vodafone
2008-04-03 17:54 . 2008-04-03 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-03 17:54 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-03 17:54 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-03 17:06 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-31 22:25 . 2008-03-31 22:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 22:25 . 2008-03-31 22:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 22:25 . 2008-03-31 22:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 22:25 . 2008-03-31 22:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 22:25 . 2008-03-31 22:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 22:25 . 2008-03-31 22:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-24 20:45 . 2008-03-24 20:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-08 12:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 11:52 --------- d-----w C:\Program Files\DivX
2008-04-04 17:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-03 18:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"ISUSPM"="C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 10:48 906480]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 13:37 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 13:19 118784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"fvke"="C:\WINDOWS\system32\fvke.exe" [2008-04-20 21:59 58368]
"strpmon"="C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" [2008-02-26 09:40 426496]
"Salestart"="C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" [2008-02-26 09:40 426496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
802.11g Wireless LAN PCI Card Utility.lnk - C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe [2007-09-09 14:10:28 5840384]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 15:18:22 10872]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 05:05:56 65588]
Sound Station.lnk - C:\Program Files\Sound Station\SNXUACP.exe [2008-04-11 15:58:59 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOICSi]
ssqOICSi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayXRLee]
yayXRLee.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\Administrator\\fvas.exe"=
"C:\\WINDOWS\\system32\\fvke.exe"=

R3 PAC207;SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
R3 uafilter;uafilter;C:\WINDOWS\system32\DRIVERS\uafilter.sys [2003-09-18 09:21]
S3 NETMW145;Belkin N1 Wireless Desktop Card Service for Windows XP;C:\WINDOWS\system32\DRIVERS\NETMW145.sys [2006-08-15 19:43]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{68da06c4-019e-11dd-bba1-00120e536f89}]
\Shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{68da06c5-019e-11dd-bba1-00120e536f89}]
\Shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{d03b7fcb-07d7-11dd-bbb0-b7952cb44c08}]
\Shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{d03b7fcc-07d7-11dd-bbb0-b7952cb44c08}]
\Shell\AutoRun\command - G:\StartVMCLite.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 10:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-22 23:33:00 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-23 20:35:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\TEMP\b4drknz6.TMP
C:\Program Files\temp

scan completed successfully
hidden files: 2

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-23 20:39:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-23 19:39:31

Pre-Run: 30,805,475,328 bytes free
Post-Run: 30,743,777,280 bytes free

227 --- E O F --- 2008-04-12 12:07:37

thats the combofix report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:52:12, on 23/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\fvke.exe
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Sound Station\SNXUACP.exe
C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\BitLord\BitLord.exe
G:\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\vmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bebo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [fvke] C:\WINDOWS\system32\fvke.exe \u
O4 - HKLM\..\Run: [strpmon] "C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe" dm=http://systemerrorfixer.com ad=http://systemerrorfixer.com sd=http://inspaid.systemerrorfixer.com
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe (User 'Default user')
O4 - Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
O4 - Global Startup: 802.11g Wireless LAN PCI Card Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sound Station.lnk = C:\Program Files\Sound Station\SNXUACP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188500080500
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{380F22F5-3F21-4A61-9B53-8506F3BA71F4}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{380F22F5-3F21-4A61-9B53-8506F3BA71F4}: NameServer = 139.7.30.125 139.7.30.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssqOICSi - ssqOICSi.dll (file missing)
O20 - Winlogon Notify: yayXRLee - yayXRLee.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7974 bytes

the hijackthis report

thanks steve

**cybertech** · 24-Apr-2008, 12:33 PM #6

Open Notepad and copy and paste the text in the quote box below into it:

Quote:

KILLALL::
File::
C:\WINDOWS\system32\lawsccdg.ini
C:\WINDOWS\system32\qoggwvdq.ini
C:\WINDOWS\system32\fvke.exe
C:\Documents and Settings\Administrator\fvas.exe
C:\WINDOWS\system32\btjqglfe.ini
C:\WINDOWS\BMc32a2687.xml
C:\WINDOWS\TEMP\b4drknz6.TMP
Folder::
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Documents and Settings\All Users\Application Data\systemerrorfixer
C:\Program Files\Common Files\SystemErrorFixer
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fvke"=-
"strpmon"=-
"Salestart"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqOICSi]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayXRLee]

Save the file to you desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Please download Malwarebytes Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy the entire report and paste it in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

dragon61651 · 24-Apr-2008, 02:55 PM #7

hey this is the combofix log

ComboFix 08-04-22.5 - Administrator 2008-04-24 19:30:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.293 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Administrator\fvas.exe
C:\WINDOWS\BMc32a2687.xml
C:\WINDOWS\system32\btjqglfe.ini
C:\WINDOWS\system32\fvke.exe
C:\WINDOWS\system32\lawsccdg.ini
C:\WINDOWS\system32\qoggwvdq.ini
C:\WINDOWS\TEMP\b4drknz6.TMP
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\fvas.exe
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Documents and Settings\All Users\Application Data\systemerrorfixer
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\ac
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\em
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\oid
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\SystemErrorFixer.exe.cer
C:\Documents and Settings\All Users\Application Data\systemerrorfixer\Data\user
C:\Program Files\Common Files\SystemErrorFixer
C:\Program Files\Common Files\SystemErrorFixer\strpmon.exe
C:\WINDOWS\BMc32a2687.xml
C:\WINDOWS\system32\btjqglfe.ini
C:\WINDOWS\system32\fvke.exe
C:\WINDOWS\system32\lawsccdg.ini
C:\WINDOWS\system32\qoggwvdq.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-23 20:26 . 2008-04-23 20:26 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-23 17:50 . 2008-04-23 17:50 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-23 17:41 . 2008-04-23 18:08 <DIR> d-------- C:\SDFix
2008-04-23 15:04 . 2008-04-23 15:04 491,520 --a------ C:\WINDOWS\~DF4115.tmp
2008-04-23 13:10 . 2008-04-23 15:03 <DIR> d-------- C:\_OTMoveIt
2008-04-22 15:06 . 2008-04-22 15:07 491,520 --a------ C:\WINDOWS\~DFCD27.tmp
2008-04-21 20:23 . 2008-04-21 20:23 2,112 --a------ C:\Documents and Settings\Administrator\Application Data\update.log
2008-04-21 20:17 . 2008-04-21 21:17 <DIR> d-------- C:\Program Files\SystemErrorFixer
2008-04-21 15:27 . 2008-04-23 14:59 <DIR> d-------- C:\MSNCleaner
2008-04-20 21:28 . 2008-04-20 21:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 20:40 . 2008-04-20 20:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-20 18:46 . 2008-04-20 20:39 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-04-20 15:36 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-20 15:35 . 2008-04-20 15:36 <DIR> d-------- C:\Program Files\Java
2008-04-20 15:34 . 2008-04-20 15:34 <DIR> d-------- C:\Program Files\Common Files\Java
2008-04-20 10:57 . 2008-04-23 14:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
2008-04-20 10:41 . 2008-04-20 15:31 <DIR> d-------- C:\Program Files\LimeWire
2008-04-20 08:59 . 2008-04-20 08:59 <DIR> d-------- C:\Program Files\ParetoLogic
2008-04-20 08:59 . 2008-04-20 08:59 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-04-20 08:59 . 2008-04-20 08:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-04-20 08:59 . 2008-04-20 08:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
2008-04-19 15:07 . 2008-04-19 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-04-19 14:59 . 2008-04-20 14:01 <DIR> d-------- C:\Program Files\McAfee.com
2008-04-19 14:58 . 2008-04-20 14:01 <DIR> d-------- C:\Program Files\McAfee
2008-04-19 14:56 . 2008-04-20 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-04-19 14:40 . 2008-04-20 14:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-16 20:31 . 2008-04-16 20:31 <DIR> d-------- C:\Program Files\MIKSOFT
2008-04-15 17:13 . 2008-04-15 17:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\VideoEgg
2008-04-12 20:21 . 2008-04-12 20:31 3,320 --a------ C:\WINDOWS\desctemp.dat
2008-04-12 19:34 . 2008-04-12 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-12 19:29 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\drivers\kswdmcap.ax
2008-04-12 19:29 . 2004-08-04 00:56 61,952 --a------ C:\WINDOWS\system32\drivers\kstvtune.ax
2008-04-12 19:29 . 2004-08-04 00:56 53,760 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2008-04-12 19:29 . 2004-08-04 00:56 43,008 --a------ C:\WINDOWS\system32\drivers\ksxbar.ax
2008-04-12 19:29 . 2004-08-04 00:56 28,672 --a------ C:\WINDOWS\system32\drivers\vidcap.ax
2008-04-12 19:28 . 2008-04-12 19:28 <DIR> d-------- C:\Program Files\IVT Corporation
2008-04-11 15:58 . 2008-04-11 15:58 <DIR> d-------- C:\Program Files\Sound Station
2008-04-11 15:58 . 2003-09-18 09:21 9,874 --a------ C:\WINDOWS\system32\drivers\UAFilter.sys
2008-04-11 15:54 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-11 15:54 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-11 15:53 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-11 15:53 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-10 20:14 . 2008-04-20 10:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-10 19:49 . 2008-04-10 19:50 <DIR> d-------- C:\Program Files\Blaze Media Pro
2008-04-10 19:44 . 2008-04-10 19:50 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\{8886169A-FE81-40A1-ABEC-74CE0C807E74}
2008-04-10 19:41 . 2008-04-10 19:41 <DIR> d-------- C:\Program Files\TotalAudioConverter
2008-04-10 19:41 . 2008-04-10 19:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Softplicity
2008-04-07 22:25 . 2008-04-07 22:27 <DIR> d-------- C:\Program Files\BitLord
2008-04-06 09:26 . 2008-04-19 15:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 09:12 . 2008-04-06 09:12 <DIR> d-------- C:\Program Files\CCleaner
2008-04-05 14:26 . 2008-04-05 14:26 <DIR> d-------- C:\Program Files\AC3Filter
2008-04-05 14:26 . 2007-08-09 12:27 380,928 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-04-04 18:31 . 2008-04-19 17:55 <DIR> d-------- C:\Program Files\Windows Live
2008-04-04 18:31 . 2008-04-20 14:00 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-04 18:31 . 2008-04-20 10:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-04 13:07 . 2008-04-04 13:07 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-04-04 13:07 . 2008-04-04 13:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-04 13:01 . 2008-04-04 13:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-04 08:46 . 2008-04-24 19:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 08:46 . 2008-04-04 08:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 08:45 . 2008-04-04 08:45 <DIR> d-------- C:\Program Files\iPod
2008-04-04 08:44 . 2008-04-04 08:45 <DIR> d-------- C:\Program Files\iTunes
2008-04-04 08:42 . 2008-04-04 08:43 <DIR> d-------- C:\Program Files\QuickTime
2008-04-03 18:28 . 2008-04-03 18:28 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Macrovision
2008-04-03 17:55 . 2007-11-05 11:56 101,120 -ra------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2008-04-03 17:54 . 2008-04-03 17:54 <DIR> d-------- C:\Program Files\Vodafone
2008-04-03 17:54 . 2008-04-03 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-03 17:54 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-03 17:54 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-03 17:06 . 2007-07-09 14:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-31 22:25 . 2008-03-31 22:25 831,488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 22:25 . 2008-03-31 22:25 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 22:25 . 2008-03-31 22:25 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 22:25 . 2008-03-31 22:25 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 22:25 . 2008-03-31 22:25 682,496 --a------ C:\WINDOWS\system32\DivX.dll
2008-03-31 22:25 . 2008-03-31 22:25 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-24 20:45 . 2008-03-24 20:45 630,784 --a------ C:\WINDOWS\system32\divxdec.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 14:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-08 12:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-08 11:52 --------- d-----w C:\Program Files\DivX
2008-04-04 17:29 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-04-03 18:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Skype
.

((((((((((((((((((((((((((((( snapshot@2008-04-23_20.39.17.81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-23 19:34:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 18:32:53 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-03 16:54:39 2,806 ----a-r C:\WINDOWS\Installer\{B5761811-28F3-4257-B537-815C5EEF472C}\ARPPRODUCTICON.exe
+ 2008-04-23 19:44:07 2,806 ----a-r C:\WINDOWS\Installer\{B5761811-28F3-4257-B537-815C5EEF472C}\ARPPRODUCTICON.exe
- 2008-04-03 16:54:39 65,536 ----a-r C:\WINDOWS\Installer\{B5761811-28F3-4257-B537-815C5EEF472C}\NewShortcut1_5E3003BD8B2446E5BEDC66B4435E8637.exe
+ 2008-04-23 19:44:07 65,536 ----a-r C:\WINDOWS\Installer\{B5761811-28F3-4257-B537-815C5EEF472C}\NewShortcut1_5E3003BD8B2446E5BEDC66B4435E8637.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"ISUSPM"="C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 15:41 222128]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 10:48 906480]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-10-02 13:37 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-10-02 13:19 118784]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
802.11g Wireless LAN PCI Card Utility.lnk - C:\Program Files\Nonbrand\802.11g Wireless LAN PCI Card Driver and Utility\RtWlan.exe [2007-09-09 14:10:28 5840384]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 15:18:22 10872]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 05:05:56 65588]
Sound Station.lnk - C:\Program Files\Sound Station\SNXUACP.exe [2008-04-11 15:58:59 643072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 PAC207;SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
R3 uafilter;uafilter;C:\WINDOWS\system32\DRIVERS\uafilter.sys [2003-09-18 09:21]
S3 NETMW145;Belkin N1 Wireless Desktop Card Service for Windows XP;C:\WINDOWS\system32\DRIVERS\NETMW145.sys [2006-08-15 19:43]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{68da06c4-019e-11dd-bba1-00120e536f89}]
\Shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{68da06c5-019e-11dd-bba1-00120e536f89}]
\Shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{b60a7642-0eda-11dd-bbba-0011674c1629}]
\Shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{d03b7fcb-07d7-11dd-bbb0-b7952cb44c08}]
\Shell\AutoRun\command - G:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{d03b7fcc-07d7-11dd-bbb0-b7952cb44c08}]
\Shell\AutoRun\command - G:\StartVMCLite.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 10:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 23:33:00 C:\WINDOWS\Tasks\ParetoLogic Update.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 19:33:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Program Files\temp

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-04-24 19:38:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 18:38:00
ComboFix2.txt 2008-04-23 19:39:35

Pre-Run: 30,683,914,240 bytes free
Post-Run: 30,712,315,904 bytes free

219 --- E O F --- 2008-04-12 12:07:37

thanks

steve

dragon61651 · 24-Apr-2008, 02:56 PM #8

and this is the mbam log

Malwarebytes' Anti-Malware 1.11
Database version: 677

Scan type: Quick Scan
Objects scanned: 31268
Time elapsed: 7 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 274

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\video egg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MozillaPlugins\@videoegg.com/Publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\SystemErrorFixer (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

more to follow

dragon61651 · 24-Apr-2008, 02:57 PM #9

Files Infected:
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Program Files\SystemErrorFixer\swupd.log (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark _1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_dow n.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_ove r.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_hig hlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_le ft.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_le ft_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_ri ght.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom _left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertic al.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instruction s.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highligh ted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highli ghted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highli ghted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disa bled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forwa rd.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forwa rd_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_dis abled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_ start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_dis abled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_dow n.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_ove r.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highli ght.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disa bled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselec ted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbna il.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highli ghted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highli ghted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left. png (Adware.VideoEgg) -> Quarantined and deleted successfully.

dragon61651 · 24-Apr-2008, 02:57 PM **#10**

C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_ curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_le ft.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlight ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disable d.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_ disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabl ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_sta rt.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabl ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.p ng (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disable d.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highl ight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight .png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highligh t.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail. png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.pn g (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlight ed.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

the rest thanks steve

**cybertech** · 24-Apr-2008, 03:16 PM **#11**

Please post your hijackthis log again.

How is it running now? Any problems?

dragon61651 · 25-Apr-2008, 01:06 AM **#12**

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:05:44, on 25/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Sound Station\SNXUACP.exe
C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
G:\PhoneConnectorVMC.exe
C:\Program Files\vodafone\vmclite\vmc.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bebo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe (User 'Default user')
O4 - Startup: Cleanup.lnk = C:\Program Files\Ontrack\Internet Cleanup\onictask.exe
O4 - Global Startup: 802.11g Wireless LAN PCI Card Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Sound Station.lnk = C:\Program Files\Sound Station\SNXUACP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1188500080500
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{380F22F5-3F21-4A61-9B53-8506F3BA71F4}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CS1\Services\Tcpip\..\{380F22F5-3F21-4A61-9B53-8506F3BA71F4}: NameServer = 139.7.30.125 139.7.30.126
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7633 bytes

thats the hijack this log

seems to be working fine so far

many thanks

steve

**cybertech** · 25-Apr-2008, 11:38 AM **#13**

Great!

Follow these steps to uninstall Combofix and tools used in the removal of malware

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

It's a good idea to Flush your System Restore after removing malware:
Turn off system restore and then turn it back on: http://support.microsoft.com/kb/310405

Now you should Clean up your PC

Here are some additional links for you to check out to help you with your computer security.

How did I get infected in the first place.

Good free tools and advice on how to tighten your security settings.

Security Help Tools

Tag Cloud
access audio black screen blue screen boot bsod connection crash dell desktop drivers dvd email error excel excel 2003 firefox hard drive hardware hijackthis internet keyboard laptop malware monitor motherboard network networking outlook problem ram recovery router safe mode screen slow sound spyware tdlwsp.dll trojan vba video virus vista vundo windows windows 7 windows vista windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)