Solved: C:\winlogon.exe

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

yoyoia

Thread Starter
Joined
Sep 21, 2008
Messages
9

SDFix: Version 1.227
Run by Administrator on Sun 09/21/2008 at 04:50 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :

Restoring Default Security Values
Restoring Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\superiorads-uninst.exe - Deleted
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url - Deleted
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url - Deleted
C:\WINDOWS\system32\dcads-remove.exe - Deleted
C:\WINDOWS\system32\superiorads-uninst.exe - Deleted


Removing Temp Files
ADS Check :


Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 17:00:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
"khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
"khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
"khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
"khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
"khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
"khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
"khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:b0,6c,a2,93,ae,88,ac,6f,78,1e,7a,ea,04,d3,aa,88,51,d2,4c,a8,ed,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:32,63,ab,87,73,77,59,a4,3d,be,fe,4c,80,d8,26,33,07,84,5d,a6,57,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,84,fc,15,ce,a5,86,fb,5c,64,1d,37,59,38,b1,0f,f7,0a,..
"khjeh"=hex:36,01,76,27,40,bf,c9,7e,f7,21,20,3e,e0,11,bf,5a,5b,aa,bc,5a,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e4,0a,b7,0f,21,b1,01,f7,be,fe,92,5f,b3,8d,87,2f,a7,ec,a1,39,08,..
scanning hidden registry entries ...
scanning hidden files ...
C:\Documents and Settings\joSH\My Documents\My Completed Downloads\uTORRENT\Adobe Photoshop CS3 + Keygen -Working!\METAI CHECK THAT YOU HAVE THESE INSTALLED B4 U START EH Essential Softwares for Hacking\PowerISO v3.7 With Keygen by FFF torrent by matt14\PowerISO 3.7.JPG:Roxio EMC Stream 76 bytes hidden from API
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services :


Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Free Download Manager\\fdm.exe"="C:\\Program Files\\Free Download Manager\\fdm.exe:*:Enabled:Free Download Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 23 Aug 2006 210 A.SHR --- "C:\BOOT.BAK"
Mon 24 Dec 2007 647,666 A..H. --- "C:\Downloads\WMQloudSetup.exe"
Tue 11 Sep 2007 52,770,576 A..H. --- "C:\Downloads\Software\dotnetfx3(1).exe"
Thu 15 Nov 2007 5,088,488 A..H. --- "C:\Downloads\Software\vtp7.zip"
Tue 22 Apr 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 15 Sep 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 13 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 14 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3470d8afe674adae2ee1cba944cf0413\BIT2.tmp"
Wed 19 Mar 2008 11,969,534 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b0762000dc383d688a1853253b57c370\BIT2.tmp"
Thu 13 Sep 2007 9,318,184 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eb43ef5bd14e6f52f7ee8f7fa8c29424\BIT1.tmp"
Sat 24 Nov 2007 9,843,864 A..H. --- "C:\Documents and Settings\joSH\My Documents\My Completed Downloads\Softwares\CT4Skype_ap.exe"
Thu 15 Nov 2007 67,196,968 A..H. --- "C:\Documents and Settings\joSH\My Documents\My Completed Downloads\Softwares\directx_nov2007_redist.exe"
Wed 12 Sep 2007 52,770,576 A..H. --- "C:\Documents and Settings\joSH\My Documents\My Completed Downloads\Softwares\dotnetfx3.exe"
Sun 23 Sep 2007 1,000,792 A..H. --- "C:\Documents and Settings\joSH\My Documents\My Completed Downloads\Softwares\Norton_Removal_Tool(1).exe"
Wed 12 Sep 2007 25,752,376 A..H. --- "C:\Documents and Settings\joSH\My Documents\My Completed Downloads\Softwares\wmp11-windowsxp-x86-enu.exe"
Mon 12 Nov 2007 713,728 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0087.tmp"
Mon 12 Nov 2007 732,160 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0133.tmp"
Mon 19 Nov 2007 2,275,840 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0291.tmp"
Mon 19 Nov 2007 2,275,840 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0297.tmp"
Sun 11 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0361.tmp"
Mon 12 Nov 2007 712,704 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0364.tmp"
Mon 12 Nov 2007 732,160 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0383.tmp"
Mon 12 Nov 2007 719,360 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0447.tmp"
Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0450.tmp"
Mon 19 Nov 2007 2,274,816 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0474.tmp"
Mon 12 Nov 2007 715,776 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0615.tmp"
Mon 12 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0687.tmp"
Sun 11 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0714.tmp"
Mon 12 Nov 2007 718,848 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0776.tmp"
Mon 19 Nov 2007 2,249,728 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0868.tmp"
Mon 12 Nov 2007 28,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0892.tmp"
Mon 12 Nov 2007 733,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0895.tmp"
Sun 11 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL0977.tmp"
Mon 12 Nov 2007 731,648 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1014.tmp"
Sun 11 Nov 2007 25,088 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1066.tmp"
Mon 12 Nov 2007 719,872 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1078.tmp"
Mon 12 Nov 2007 733,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1168.tmp"
Mon 12 Nov 2007 712,704 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1217.tmp"
Sun 11 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1232.tmp"
Mon 12 Nov 2007 716,288 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1279.tmp"
Sun 11 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1340.tmp"
Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1497.tmp"
Mon 12 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1527.tmp"
Mon 12 Nov 2007 718,848 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1563.tmp"
Mon 12 Nov 2007 732,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1702.tmp"
Mon 12 Nov 2007 713,216 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1791.tmp"
Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1846.tmp"
Mon 12 Nov 2007 719,872 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1852.tmp"
Mon 12 Nov 2007 717,312 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1854.tmp"
Mon 12 Nov 2007 719,872 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1950.tmp"
Mon 19 Nov 2007 2,274,816 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1951.tmp"
Mon 12 Nov 2007 732,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1979.tmp"
Mon 19 Nov 2007 1,588,224 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL1992.tmp"
Mon 12 Nov 2007 716,288 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2140.tmp"
Sun 11 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2228.tmp"
Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2341.tmp"
Sun 11 Nov 2007 26,624 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2385.tmp"
Mon 12 Nov 2007 29,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2467.tmp"
Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2486.tmp"
Mon 12 Nov 2007 720,896 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2494.tmp"
Mon 12 Nov 2007 27,648 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2583.tmp"
Mon 12 Nov 2007 29,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2739.tmp"
Mon 12 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2798.tmp"
Mon 12 Nov 2007 733,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2845.tmp"
Mon 12 Nov 2007 732,160 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2848.tmp"
Mon 12 Nov 2007 718,336 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2854.tmp"
Mon 12 Nov 2007 713,728 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL2982.tmp"
Mon 19 Nov 2007 2,249,728 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3021.tmp"
Mon 12 Nov 2007 732,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3037.tmp"
Mon 12 Nov 2007 29,184 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3088.tmp"
Mon 12 Nov 2007 716,288 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3128.tmp"
Mon 12 Nov 2007 716,288 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3147.tmp"
Mon 12 Nov 2007 720,384 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3221.tmp"
Mon 12 Nov 2007 732,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3227.tmp"
Mon 12 Nov 2007 712,704 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3448.tmp"
Sun 11 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3477.tmp"
Mon 12 Nov 2007 716,288 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3483.tmp"
Mon 12 Nov 2007 715,776 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3499.tmp"
Mon 19 Nov 2007 2,275,840 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3510.tmp"
Sun 11 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3570.tmp"
Mon 12 Nov 2007 26,624 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3608.tmp"
Mon 19 Nov 2007 2,274,816 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL3928.tmp"
Mon 12 Nov 2007 732,672 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\~WRL4062.tmp"
Tue 24 Apr 2007 167,936 A.SH. --- "C:\Documents and Settings\joSH\My Documents\My Pictures\UNI PHOTOS\ms305 fieldtrip\SIVE94.tmp"
Sun 4 Nov 2007 30,208 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL0467.tmp"
Sun 4 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL0636.tmp"
Sun 4 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL0768.tmp"
Sun 4 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL0834.tmp"
Sun 4 Nov 2007 47,104 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL1333.tmp"
Sun 4 Nov 2007 30,208 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL1345.tmp"
Sun 4 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL1447.tmp"
Sun 4 Nov 2007 47,104 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL1756.tmp"
Sun 4 Nov 2007 38,912 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL1780.tmp"
Sun 4 Nov 2007 31,744 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL2317.tmp"
Sun 4 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL3272.tmp"
Sun 4 Nov 2007 42,496 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL3317.tmp"
Sun 4 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL3537.tmp"
Sun 4 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL3565.tmp"
Sun 4 Nov 2007 30,720 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL3729.tmp"
Sun 4 Nov 2007 31,232 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 306\Essay\~WRL4007.tmp"
Thu 9 Aug 2007 42,496 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\Data\~WRL2197.tmp"
Sun 11 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\joSH\My Documents\OFFICE\MS 311\Project\~WRL0693.tmp"
Sun 29 Jun 2008 1,664 A.SH. --- "C:\Documents and Settings\joSH\Application Data\Roxio\Dragon\3.x\DiscInfoCache\COMBO_IDE5232CO_KJ44_000_DICV018_DRGVA000047.TMP"
Finished!
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Hiya and welcome to Tech Support Guy :)

Are you still having this program? If so, lets take a look at a HijackThis Log:

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Regards

eddie
 

yoyoia

Thread Starter
Joined
Sep 21, 2008
Messages
9
ComboFix 08-10-17.01 - joSH 2008-10-18 22:43:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.161 [GMT 12:00]
Running from: C:\Documents and Settings\joSH\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\joSH\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* new restore point
Other Deletions
C:\Documents and Settings\joSH\Application Data\.#
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023710.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023720.###
C:\Documents and Settings\joSH\Application Data\.#\[email protected]@1023740.###
C:\Documents and Settings\joSH\Favorites\Download programs.url
C:\Documents and Settings\joSH\Favorites\Translator.url
C:\Documents and Settings\joSH\Favorites\Videos.url
C:\Program Files\MicroAntivirus
C:\Program Files\MicroAntivirus\microAV.ooo
C:\Program Files\MicroAntivirus\microAV0.dat
C:\Program Files\MicroAntivirus\microAV1.dat
C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
C:\WINDOWS\assys.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\ffnsys.dll
C:\WINDOWS\gstcore.dll
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\mfnsys.dll
C:\WINDOWS\rsczsys.dll
C:\WINDOWS\snsys.dll
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\drivers\avgrkx86.sys
C:\WINDOWS\system32\egsqotdp.ini
C:\WINDOWS\system32\fOpqrqss.ini
C:\WINDOWS\system32\fOpqrqss.ini2
C:\WINDOWS\system32\jtlybeve.ini
C:\WINDOWS\system32\pkgnltox.ini
C:\WINDOWS\system32\ywkpuoio.ini
C:\WINDOWS\uawin.dll
.
Drivers/Services
-------\Legacy_AVGRKX86
-------\Service_AvgRkx86
Files Created from 2008-09-18 to 2008-10-18
2008-10-18 12:21 . 2008-10-18 12:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-18 12:21 . 2008-10-18 12:30 <DIR> d-------- C:\Documents and Settings\joSH\Application Data\AVGTOOLBAR
2008-10-18 12:21 . 2008-10-18 12:21 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-18 12:21 . 2008-10-18 12:21 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-18 12:21 . 2008-10-18 12:21 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-18 12:18 . 2008-10-18 12:18 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-10-18 12:18 . 2008-10-18 12:18 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-10-18 12:10 . 2008-10-18 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-18 11:30 . 2008-10-18 11:30 <DIR> d-------- C:\Documents and Settings\joSH\Application Data\aAvgApi
2008-10-17 00:19 . 2008-08-14 22:11 2,189,184 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-17 00:19 . 2008-08-14 22:09 2,145,280 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-17 00:19 . 2008-08-14 21:33 2,066,048 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-17 00:19 . 2008-08-14 21:33 2,023,936 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 21:58 . 2008-09-16 00:12 1,846,400 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 21:24 . 2008-10-18 20:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-16 21:24 . 2008-10-16 21:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-16 20:14 . 2008-09-08 22:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 19:33 . 2008-10-16 19:33 <DIR> d-------- C:\Program Files\Mininova
2008-10-16 19:33 . 2008-10-16 19:33 <DIR> d-------- C:\Program Files\Conduit
2008-10-14 21:52 . 2008-10-18 11:40 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-10-10 20:30 . 2008-10-10 20:30 102,194 --a------ C:\WINDOWS\system32\cont_dcads-remove.exe
2008-10-06 23:59 . 2008-10-06 23:59 363,520 --a------ C:\WINDOWS\system32\nsm69.dll
2008-10-05 18:50 . 2008-10-05 18:50 <DIR> d-------- C:\Documents and Settings\joSH\Application Data\AdobeAUM
2008-10-05 18:46 . 2006-11-30 14:58 90,800 -ra------ C:\WINDOWS\system32\drivers\se44unic.sys
2008-10-05 18:46 . 2006-11-30 14:58 88,624 -ra------ C:\WINDOWS\system32\drivers\se44mgmt.sys
2008-10-05 18:46 . 2006-11-30 14:58 18,704 -ra------ C:\WINDOWS\system32\drivers\se44nd5.sys
2008-10-05 18:46 . 2006-11-30 14:58 4,128 -ra------ C:\WINDOWS\system32\drivers\se44cr.sys
2008-10-05 18:30 . 2006-11-30 14:58 86,432 -ra------ C:\WINDOWS\system32\drivers\se44obex.sys
2008-10-04 18:12 . 2006-11-30 14:58 97,088 -ra------ C:\WINDOWS\system32\drivers\se44mdm.sys
2008-10-04 18:12 . 2006-11-30 14:58 9,360 -ra------ C:\WINDOWS\system32\drivers\se44mdfl.sys
2008-10-04 18:12 . 2006-11-30 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cmnt.sys
2008-10-04 18:12 . 2006-11-30 14:58 6,240 -ra------ C:\WINDOWS\system32\drivers\se44cm.sys
2008-10-04 14:45 . 2006-11-30 14:58 61,536 -ra------ C:\WINDOWS\system32\drivers\se44bus.sys
2008-10-04 14:45 . 2006-11-30 14:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44whnt.sys
2008-10-04 14:45 . 2006-11-30 14:58 5,872 -ra------ C:\WINDOWS\system32\drivers\se44wh.sys
2008-10-04 14:40 . 2008-10-04 14:40 <DIR> d-------- C:\Documents and Settings\joSH\Application Data\Sony Ericsson
2008-10-04 14:33 . 2008-10-04 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-04 14:32 . 2008-10-04 14:32 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-10-04 14:32 . 2008-10-04 14:33 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-10-04 14:32 . 2008-10-04 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-10-04 14:29 . 2008-10-04 14:29 <DIR> d-------- C:\Program Files\Disc2Phone
2008-09-22 06:43 . 2008-09-22 06:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-09-21 20:02 . 2008-08-25 15:44 20,232 --a------ C:\WINDOWS\system32\AntiSpyNative64.exe
2008-09-21 20:02 . 2008-08-25 15:44 16,648 --a------ C:\WINDOWS\system32\AntiSpyNative32.exe
2008-09-21 18:19 . 2008-09-21 19:04 <DIR> d-------- C:\Program Files\Uniblue
2008-09-21 17:35 . 2008-09-21 19:12 <DIR> d-------- C:\Documents and Settings\joSH\Application Data\Uniblue
2008-09-21 17:32 . 2008-09-21 18:56 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\~0
2008-09-21 16:48 . 2008-09-21 16:48 578,560 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-09-21 16:43 . 2008-09-21 16:44 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-21 16:37 . 2008-09-21 17:06 <DIR> d----c--- C:\SDFix
2008-09-21 02:54 . 2008-09-21 02:54 <DIR> d-------- C:\Program Files\AVG
2008-09-19 20:29 . 2008-09-19 20:29 <DIR> d-------- C:\Program Files\YouTube Downloader 3000
2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-09-18 21:18 . 2008-09-18 21:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-09-18 21:13 . 2008-09-18 21:19 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-18 21:02 . 2008-09-18 21:02 <DIR> d-------- C:\WINDOWS\EHome
.
Find3M Report
2008-10-18 10:27 --------- d-----w C:\Documents and Settings\joSH\Application Data\Free Download Manager
2008-10-17 22:54 --------- d-----w C:\Documents and Settings\joSH\Application Data\uTorrent
2008-10-13 08:22 --------- d-----w C:\Documents and Settings\joSH\Application Data\Skype
2008-10-13 04:05 --------- d-----w C:\Documents and Settings\joSH\Application Data\skypePM
2008-10-05 09:38 --------- d-----w C:\Documents and Settings\joSH\Application Data\AdobeUM
2008-10-05 09:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 02:33 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-10-02 08:11 --------- d-----w C:\Program Files\JetAudio
2008-09-28 10:30 --------- d-----w C:\Program Files\WinClamAVShield
2008-09-28 10:28 --------- d-----w C:\Documents and Settings\joSH\Application Data\Spyware Terminator
2008-09-28 08:19 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-27 22:08 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-24 09:37 --------- d-----w C:\Program Files\LimeWire
2008-09-21 06:58 --------- d-----w C:\Program Files\Spyware Terminator
2008-09-20 22:29 --------- d-----w C:\Program Files\DivX
2008-09-20 16:14 --------- d-----w C:\Program Files\Hide IP Platinum
2008-09-20 15:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-20 15:28 --------- d--h--r C:\Documents and Settings\joSH\Application Data\yahoo!
2008-09-20 13:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-20 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-20 11:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-09-20 08:52 --------- d-----w C:\Program Files\Opera
2008-09-14 08:14 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-08 04:34 --------- d-----w C:\Program Files\ATI Technologies
2008-07-18 18:34 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-11-16 09:20 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-13 23:13 524,300 ----a-w C:\Documents and Settings\joSH\Application Data\position.bin
.
Reg Loading Points
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "C:\Program Files\Mininova\tbMini.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10a72bfd-414f-89a1-b332-d7da581be5e8}]
2008-10-06 23:59 363520 --a------ C:\WINDOWS\system32\nsm69.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2008-09-15 06:47 1784856 --a------ C:\Program Files\Mininova\tbMini.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2008-07-28 22:46 160496 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "C:\Program Files\Mininova\tbMini.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "C:\Program Files\Mininova\tbMini.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-05-28 95800]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-23 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-08-16 1877272]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="C:\Program Files\Internet Explorer\iexplore.exe" [2008-08-23 635848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-19 49152]
"Domino"="C:\WINDOWS\Domino.exe" [2006-08-18 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-18 1235736]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-11 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):76,69,73,74,61,75,69,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
backup=C:\WINDOWS\pss\Run Google Web Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^joSH^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^joSH^Start Menu^Programs^Startup^Yahoo! Widget Engine.lnk]
path=C:\Documents and Settings\joSH\Start Menu\Programs\Startup\Yahoo! Widget Engine.lnk
backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
--a------ 2006-07-30 21:32 575488 C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2007-08-14 03:44 113136 C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
--a------ 2006-08-18 20:58 49152 C:\WINDOWS\Domino.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2007-09-10 00:36 2441263 C:\Program Files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Upload Manager]
--a------ 2007-07-29 22:13 253952 C:\Program Files\Free Download Manager\FUM\fum.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Uploader Oe Integration]
--a------ 2007-06-10 21:02 40960 C:\Program Files\Free Download Manager\FUM\fumoei.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 09:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-20 03:27 65536 C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2001-11-30 15:15 90112 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 12:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 18:40 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2005-05-11 15:48 127118 c:\APPS\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-04 22:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-04 22:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2008-02-26 13:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-10 00:23 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-08-24 15:52 240112 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2007-09-11 17:20 2778112 C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Styler]
--a------ 2006-05-03 12:48 307200 C:\Program Files\Styler\Styler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-09-23 16:24 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
--a------ 2007-08-16 09:02 1877272 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
--a------ 2008-08-25 15:44 1431816 C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
--a------ 2006-12-25 10:14 6083072 C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2006-10-06 11:21 942080 C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 19:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
--a------ 2006-08-19 15:37 49152 C:\WINDOWS\ZSSnp211.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--a------ 2003-12-17 11:50 19968 C:\WINDOWS\Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CyberLink Media Library Service"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"gusvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"SymAppCore"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"WinDefend"=2 (0x2)
"iPod Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"sp_rssrv"=2 (0x2)
"sp_clamsrv"=3 (0x3)
"RoxWatch10"=2 (0x2)
"RoxMediaDB10"=3 (0x3)
"Roxio Upnp Server 10"=2 (0x2)
"Roxio UPnP Renderer 10"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Free Download Manager\\fdm.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-18 97928]
R1 c2scsi;c2scsi;C:\WINDOWS\system32\drivers\c2scsi.sys [2007-01-11 244736]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-11 138624]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-18 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-18 23296]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2007-08-24 309744]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-10-18 23296]
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 61536]
S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 9360]
S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 97088]
S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 88624]
S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 18704]
S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 86432]
S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 90800]
S4 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-18 875288]
S4 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-18 231704]
S4 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-10-18 1220888]
S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2007-08-24 72176]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2007-08-24 362992]
S4 RoxMediaDB10;RoxMediaDB10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2007-08-24 1083888]
S4 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2007-08-24 166384]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{122190dd-82b3-11dc-b209-001676364538}]
\Shell\AutoRun\command - ie.exe
\Shell\explore\Command - ie.exe
\Shell\open\Command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bbc8fef-94c5-11dd-b3d6-001676364538}]
\Shell\auto\command - Thumbs.com
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Thumbs.com
.
Contents of the 'Scheduled Tasks' folder
2008-10-18 C:\WINDOWS\Tasks\ACF4B95E91332AA2.job
- c:\docume~1\josh\applic~1\grimto~1\Savedefysect.exe []

2008-07-01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-10-18 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]

2008-10-11 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-09-21 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe [2008-08-25 15:44]
.
- - - - ORPHANS REMOVED - - - -
BHO-{34DA163F-8155-4422-A3F6-2A7310D963A7} - (no file)
MSConfigStartUp-osCheck - C:\Program Files\Norton Internet Security\osCheck.exe
MSConfigStartUp-Uniblue RegistryBooster 2009 - C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
.
------- Supplementary Scan -------
FireFox -: Profile - C:\Documents and Settings\joSH\Application Data\Mozilla\Firefox\Profiles\h5f028sz.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Documents and Settings\joSH\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-18 22:51:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
------------------------ Other Running Processes ------------------------
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
Completion time: 2008-10-18 23:00:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-18 10:59:59
Pre-Run: 11,184,185,344 bytes free
Post-Run: 11,149,844,480 bytes free
429 --- E O F --- 2008-10-16 20:31:25
 

yoyoia

Thread Starter
Joined
Sep 21, 2008
Messages
9
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:08 PM, on 10/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\ZSSnp211.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Documents and Settings\joSH\Desktop\CWINDOWSwindowslogonexe\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1396957
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dcads - {10a72bfd-414f-89a1-b332-d7da581be5e8} - C:\WINDOWS\system32\nsm69.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMini.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/se...0000049.000000b9&c=00000082.00000096.000001da
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCDA70F9-D542-4D5F-90C0-8AD182586F31}: NameServer = 202.62.124.238 202.62.120.4
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - (no CLSID) - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11701 bytes
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

So, in your next reply, post the MBAM log, SAS log and a fresh HijackThis log :)

eddie
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
I've also moved your other thread here, please keep to one thread per problem :)

I'll look thru the ComboFix log after you've done the above :)

eddie
 

yoyoia

Thread Starter
Joined
Sep 21, 2008
Messages
9
Dear Eddie 5659,
Thank you so much for your help. The MBAM Log is 56142 characters long. What should I do? Should I cut it into 2 parts? Oh, my apologies for posting another thread for the same prob. Cheers
 

yoyoia

Thread Starter
Joined
Sep 21, 2008
Messages
9
I have broken up the MBAM log into two parts. The second part is that of the "FILES INFECTED" bit.

Malwarebytes' Anti-Malware 1.29
Database version: 1286
Windows 5.1.2600 Service Pack 3

10/19/2008 9:46:42 AM
mbam-log-2008-10-19 (09-46-42).txt

Scan type: Quick Scan
Objects scanned: 62579
Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 33
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 278

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Conduit) -> Delete on reboot.
C:\Program Files\Mininova\tbMini.dll (Adware.HumourCanineToolbar) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (Adware.Conduit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f592709f-ff4a-4862-b659-4afabda56312} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f592709f-ff4a-4862-b659-4afabda56312} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{f592709f-ff4a-4862-b659-4afabda56312} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f592709f-ff4a-4862-b659-4afabda56312} (Adware.HumourCanineToolbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
 

yoyoia

Thread Starter
Joined
Sep 21, 2008
Messages
9
The following is the second part of the MBAM log:

Files Infected:
C:\Program Files\Conduit\Community Alerts\Alert.dll (Adware.Conduit) -> Delete on reboot.
C:\Program Files\Mininova\tbMini.dll (Adware.HumourCanineToolbar) -> Delete on reboot.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Program Files\Online Add-on\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Online Add-on\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
 

yoyoia

Thread Starter
Joined
Sep 21, 2008
Messages
9
Forgive me but the second part needed trimming as well:

C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
 

yoyoia

Thread Starter
Joined
Sep 21, 2008
Messages
9
Continuation of MBAM log report (Part 4)

C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\joSH\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,298
Also need the SAS log and a fresh HijackThis log :)

eddie
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top