Solved: W32/Rootkit.BAK - I've been ignored for FOUR MONTHS! Please help :(

ChipZip67's Avatar
Junior Member with 10 posts.
 
Join Date: Apr 2009
Location: UK
Experience: Intermediate
17-Jul-2009, 12:11 PM #1
W32/Rootkit.BAK - I've been ignored for FOUR MONTHS! Please help :(
W32/Rootkit.BAK
I have received this virus W32/Rootkit.bac, and it's stopping any updates and other applications! I can't seem to find out how to remove it or where it is. My virus scan says it will be deleted after I reboot, but it returns as soon as I try viewing anything on the web. I thought uninstalling and then re-installing Internet Explorer would help, but it hasn't. Does anyone know what to do? I BEG FOR YOUR HELP!!

I have had it for months now and I really need it sorting. I almost reformatted my PC, but I don't have any external storage to back everything up!

Please help!!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:08:55, on 17/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe
C:\Users\Freddy\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.formula1.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...PUplden-gb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28D5FBF9-3EC0-417F-A10B-B2C17F97A9E8}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{299AD407-1516-462C-A4E7-8F021A77927F}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Google Update Service (gupdate1c9935b12a7018a) (gupdate1c9935b12a7018a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12050 bytes
flavallee's Avatar
Trusted Advisor with 40,857 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
17-Jul-2009, 04:41 PM #2
ChipZip67:

I received your private message about this thread. It's posted here in the "Malware Removal & HijackThis Logs" section, so the malware experts need to deal with you with your rootkit problem.

If you have important files, photos, videos, music, etc. that you don't want to lose, you can back them up on CD-R's. You don't necessarily need to back them up in an external hard drive.

While you're waiting for assistance from a malware expert, go here to download Malwarebytes Anti-Malware 1.39, go here to download SUPERAntiSpyware 4.26.0.1006, and go here to download Sun Java Runtime Environment 1.6.0.14. Just download and save them for now. Don't install them yet.

---------------------------------------------------------------
cybertech's Avatar
Malware Removal Specialist with 69,217 posts.
 
Join Date: Apr 2002
Location: Washington State
17-Jul-2009, 07:23 PM #3
Hi ChipZip67,

Please follow flavallee's advice and I'm subscribed to the thread in case I can help.


ChipZip67's Avatar
Junior Member with 10 posts.
 
Join Date: Apr 2009
Location: UK
Experience: Intermediate
17-Jul-2009, 07:29 PM #4
Okay, thanks.

I have followed the instructions, I've downloaded the different things..

Hope this can be sorted out, thanks for subscribing.. much appreciated.
cybertech's Avatar
Malware Removal Specialist with 69,217 posts.
 
Join Date: Apr 2002
Location: Washington State
17-Jul-2009, 08:50 PM #5
Please post the logs from the scanners.
flavallee's Avatar
Trusted Advisor with 40,857 posts.
 
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
18-Jul-2009, 09:17 AM #6
ChipZip67:

Cybertech wants to see the scanner log results.

Install Malwarebytes and SUPERAntiSpyware, run their update function to get them up-to-date, then do a quick scan with them - one at a time of course. Once they're done, go into their log function and obtain the log, then copy-and-paste the logs here.

---------------------------------------------------------------
ChipZip67's Avatar
Junior Member with 10 posts.
 
Join Date: Apr 2009
Location: UK
Experience: Intermediate
18-Jul-2009, 02:38 PM #7
Hi.

I did the scans, logs posted!

There was one issue, I went to update Malwarebytes as instructed but it failed to update.. could this be due to the virus? It's stopping any other updates taking place so I think it's probably related..

Thank you for your time and effort, much appreciated.

Malwarebytes Log

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 6.0.6001 Service Pack 1
18/07/2009 17:51:46
mbam-log-2009-07-18 (17-51-44).txt
Scan type: Quick Scan
Objects scanned: 89950
Time elapsed: 9 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 31
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 15
Files Infected: 155
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\{NSINAME} (Trojan.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{28d5fbf9-3ec0-417f-a10b-b2c17f97a9e8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{299ad407-1516-462c-a4e7-8f021a77927f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{28d5fbf9-3ec0-417f-a10b-b2c17f97a9e8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{299ad407-1516-462c-a4e7-8f021a77927f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{28d5fbf9-3ec0-417f-a10b-b2c17f97a9e8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{299ad407-1516-462c-a4e7-8f021a77927f}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> No action taken.
Folders Infected:
C:\Windows\System32\Win1 (Trojan.Downloader) -> No action taken.
C:\Users\Freddy\AppData\Roaming\VideoEgg (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Loader (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Loader\4665 (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Publisher (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520 (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4665 (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Updater (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Updater\4665 (Adware.VideoEgg) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coolplay (Trojan.DNSChanger) -> No action taken.
C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\coolplay (Trojan.DNSChanger) -> No action taken.
Files Infected:
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\ok_down.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\ok_over.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\player_fast_forward.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\player_fast_forward_disabled.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\player_fill.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\player_pause.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\player_play.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\player_rewind.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\player_rewind_disabled.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\player_rewind_to_start.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\playhead.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\powered_by.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\progress.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\refresh_list_down.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\refresh_list_over.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\refresh_list_up.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\restart.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\restart_over.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\start_capture.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\start_capture_disabled.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\start_capture_down.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\start_capture_over.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\start_over.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\start_over_highlight.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\start_slider.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\stop_capture.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\stop_capture_disabled.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\stop_capture_down.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\stop_capture_over.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\stop_slider.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\tab_slide_deselected.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\tape_control.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\text_camcorder.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\text_camcorder_highlight.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\text_file.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\text_file_highlight.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\text_phone.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\text_phone_highlight.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\text_webcam.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\text_webcam_highlight.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\title.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\upload.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\uploading.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\uploading_fill.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\uploading_high.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\uploading_low.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\uploading_medium.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\uploading_thumbnail.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\upload_down.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\upload_from.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\upload_over.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\volume_gray.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\volume_green.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\volume_high.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\volume_low.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\volume_orange.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\volume_red.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\volume_slider.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\waiting_for_email.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\webcams_title.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\webcam_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ images\webcam_slide.png (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\publisher\4520\resources\VideoEgg\ messages\messages.en-US.bundle (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> No action taken.
c:\Users\Freddy\AppData\Roaming\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> No action taken.
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> No action taken.
c:\Windows\System32\drivers\gaopdxpvcyvetf.sys (Trojan.Agent) -> No action taken.



SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 07/18/2009 at 06:33 PM
Application Version : 4.26.1006
Core Rules Database Version : 3952
Trace Rules Database Version: 1894
Scan type : Quick Scan
Total Scan Time : 00:51:29
Memory items scanned : 561
Memory threats detected : 0
Registry items scanned : 598
Registry threats detected : 4
File items scanned : 47079
File threats detected : 3
Adware.Tracking Cookie
C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Cookies\freddy@atdmt[2].txt
C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Cookies\freddy@bs.serving-sys[1].txt
C:\Users\Freddy\AppData\Roaming\Microsoft\Windows\Cookies\freddy@serving-sys[2].txt
Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{28D5FBF9-3EC0-417F-A10B-B2C17F97A9E8}#NAMESERVER
HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS\INTERFACES\{299AD407-1516-462C-A4E7-8F021A77927F}#NAMESERVER
HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{28D5FBF9-3EC0-417F-A10B-B2C17F97A9E8}#NAMESERVER
HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{299AD407-1516-462C-A4E7-8F021A77927F}#NAMESERVER



Hope you can make something out of all this..

cybertech
Malware Removal Specialist with 69,217 posts.
Join Date: Apr 2002
Location: Washington State
18-Jul-2009, 03:07 PM #8
Quote:
No action taken
Did you allow Malwarebytes to fix those items?


I need to see a new hijackthis log please.

ChipZip67
Junior Member with 10 posts.
Join Date: Apr 2009
Location: UK
Experience: Intermediate
18-Jul-2009, 03:10 PM #9
Oh sorry! No, I didn't ask it to fix anything, I'll do that now, my bad..

To clarify.. I let both programs fix what they found? Then post a HJT log?

cybertech
Malware Removal Specialist with 69,217 posts.
Join Date: Apr 2002
Location: Washington State
18-Jul-2009, 03:14 PM #10
Yes.

ChipZip67
Junior Member with 10 posts.
Join Date: Apr 2009
Location: UK
Experience: Intermediate
18-Jul-2009, 04:36 PM #11
..and here is the HJT log as requested..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:01, on 18/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\NoteBurner\VTBurnerGUI.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Freddy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.formula1.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [PCguard] "C:\Program Files\Virgin Broadband\PCguard\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Virgin Broadband\PCguard\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Virgin Broadband\PCguard\IdxClnR.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [iLike] C:\Program Files\iLike\1.2.14\ilikesidebar.exe /checkforupdate (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01...PUplden-gb.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.vista.exe
O23 - Service: Google Update Service (gupdate1c9935b12a7018a) (gupdate1c9935b12a7018a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Virgin Broadband PCguard Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Virgin Broadband\PCguard\rpsupdaterR.exe
O23 - Service: PCguard Firewall (RP_FWS) - Virgin Media - C:\Program Files\Virgin Broadband\PCguard\Fws.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 11726 bytes






*note*

.I was asked to restart my computer to complete the removal process. I did so, however the ‘blue screen of death’ came up before the computer fully shut down – as it always does. I don’t actually know if this is related to the virus, but it's been a problem for as long as I've been aware of this virus so I think it's related.

.However, after manually turning the computer off and back on, Windows automatically started to update. It was unable to do this before, which may imply it’s almost sorted. I did get that BSoD though, like before, so not sure..

.It's telling me the update is downloaded, however it has got to the stage ‘preparing to install’ and has been on this screen, not doing anything, for over an hour..

Awaiting your opinion..

Thanks again for your time.

flavallee
Trusted Advisor with 40,857 posts.
Join Date: May 2002
Location: Brandon/Valrico, Florida
Experience: Advanced
18-Jul-2009, 08:14 PM #12
Quote:
Originally Posted by ChipZip67
Oh sorry! No, I didn't ask it to fix anything, I'll do that now, my bad..

To clarify.. I let both programs fix what they found? Then post a HJT log?
Cybertech:

That's partially my fault. I just read my instructions to ChipZip67 in post #6 about installing, updating, and doing a scan with MBAM and SAS. I neglected to tell him to select and fix everything they found after the scan completed.

---------------------------------------------------------------

cybertech
Malware Removal Specialist with 69,217 posts.
Join Date: Apr 2002
Location: Washington State
19-Jul-2009, 03:28 PM #13
Run HJT again (right-click and Run as Administrator), then put a check in the following:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Close all applications and browser windows before you click "fix checked".



We will need the codes from the BSOD(s) to aid in the research of that problem.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u14-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u14-windows-i586-p.exe and select "Run as an Administrator".)
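
The log review behind the fix requested in post #13, as an added example (not code from the thread or from HijackThis): a Python parser that reads HijackThis entry lines and lists the ones worth a manual look. The function names, the `Finding` kinds and the three review rules are assumptions of this example; the sample lines are copied from the log in post #11.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted in this thread (post #11).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

# Entry lines start with a section code such as R0, O2, O4 or O23;
# the header and the "Running processes" paths do not, so they are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    line_no: int
    code: str
    body: str

    @property
    def raw(self):
        """The entry as it appears in the log, ready to match in the HJT window."""
        return f"{self.code} - {self.body}"


@dataclass
class Finding:
    entry: Entry
    kind: str
    note: str
    clsid: str = ""


def parse_hjt(text):
    """Return every HijackThis entry line in the log, with its line number."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(line_no, match["code"], match["body"]))
    return entries


def triage(entries):
    """Flag entries for manual review. A flag is a prompt to check, not a verdict."""
    findings = []
    for entry in entries:
        body = entry.body.rstrip()
        if entry.code in ("O2", "O3", "O9") and body.endswith("(no file)"):
            # Browser add-on registration whose DLL is gone from disk.
            found = CLSID_RE.search(body)
            findings.append(Finding(entry, "orphan",
                                    "registration points to a missing file",
                                    found.group(0) if found else ""))
        elif entry.code == "O4" and body.endswith("= ?"):
            findings.append(Finding(entry, "unresolved",
                                    "startup shortcut target shown as '?'"))
        elif entry.code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(entry, "unknown-owner",
                                    "no owner reported; check path and publisher"))
    return findings


def fix_candidates(text):
    """Entries safe to propose for 'Fix checked': only dangling registrations."""
    return [f.entry.raw for f in triage(parse_hjt(text)) if f.kind == "orphan"]


if __name__ == "__main__":
    for finding in triage(parse_hjt(SAMPLE_LOG)):
        print(f"line {finding.entry.line_no:>2} [{finding.kind}] {finding.note}")
        print(f"        {finding.entry.raw}")
    print("Fix candidates:", fix_candidates(SAMPLE_LOG))
```

Only the `orphan` finding matches the entry the helper asked to have fixed; the other two kinds are prompts to check the path and publisher by hand.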

ChipZip67
Junior Member with 10 posts.
Join Date: Apr 2009
Location: UK
Experience: Intermediate
20-Jul-2009, 06:27 AM #14
Hiya..

I followed all the instructions.
.'fixed' the item from HJT.
.posted the Kaspersky log.
.and installed the Java version.

Hope this helps get to the bottom of all this..

cybertech
Malware Removal Specialist with 69,217 posts.
Join Date: Apr 2002
Location: Washington State
20-Jul-2009, 03:36 PM #15
You need to empty the recycle bin with your F drive engaged.


Please download the OTM by OldTimer.
  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy all the lines in the quote box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Quote:
    :Files
    C:\Users\Freddy\AppData\Local\VirtualStore\Windows\System32\wscmp.dll.tmp
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Also post a new hijackthis log and let us know if you are having any problems.

Tags
cant update, update fail, virus attack, w32/rootkit.bak

All times are GMT -4.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.
