0

We have been infected with a virus that we can't seem to shift. After trawling through various sites we think we have the Vundo Virus.
We have a big red X in "my computer" where the C: drive is and a load of tmf files were present on our computer. The PC is running very slow as a result and we are struggling to get rid of it.
If anyone can help we would be most grateful. We have run a HijackThis, Malware and SDFIX and have attached the logs below. Can anyone help?
Thanks

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:15:01, on 04/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\USBDRIVE\shwicon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sha123.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BMf7d4f0fe] Rundll32.exe "C:\WINDOWS\System32\mujtijws.dll",s
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Drives Driver v1.19r020] "C:\Program Files\USBDRIVE\shwicon.exe" -t"Justrams\USB Drives Driver v1.19r020"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\musik.exe" /pause
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.co.uk/photo/loaders/SAXFile.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
O20 - Winlogon Notify: xcttgs - xcttgs.dll (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 9973 bytes

Malware
Malwarebytes' Anti-Malware 1.10
Database version: 591

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 105858
Time elapsed: 1 hour(s), 25 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{07c7156e-d651-4acc-9ad3-498c916e9651} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1133\A0287708.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1133\A0288037.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\j\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.

SDFix
SDFix: Version 1.166

Run by Dee on 04/04/2008 at 19:12

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Dee\Desktop\SDFix\SDFix

Checking Services:
/

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files:

Trojan Files Found:

C:\WINDOWS\mrofinu1188.exe.tmp - Deleted





Removing Temp Files

ADS Check:

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 19:24:15
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00003a689a74]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00003a689a74]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00003a689a74]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

Remaining Files:


File Backups: - C:\DOCUME~1\Dee\Desktop\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 23 Feb 2007            56 ..SHR --- "C:\WINDOWS\system32\8616203188.sys"
Fri 23 Feb 2007            56 ..SHR --- "C:\WINDOWS\system32\B085F86352.sys"
Mon 30 Jul 2007        15,488 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 10 Nov 2004         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 26 Apr 2006           401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv10.bak"
Wed 10 Nov 2004           401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak"
Sat 23 Oct 2004           400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Sat 23 Oct 2004            48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Thu  1 Dec 2005        30,208 ...H. --- "C:\Documents and Settings\Dee\My Documents\~WRL0003.tmp"
Thu  1 Feb 2007       464,896 ...H. --- "C:\Documents and Settings\Dee\My Documents\~WRL2168.tmp"
Mon  9 Aug 2004        51,040 A..HR --- "C:\WINDOWS\system32\drivers\slabbus.sys"
Mon  9 Aug 2004         6,112 A..HR --- "C:\WINDOWS\system32\drivers\slabcm.sys"
Mon  9 Aug 2004         6,112 A..HR --- "C:\WINDOWS\system32\drivers\slabcmnt.sys"
Mon  9 Aug 2004        82,768 A..HR --- "C:\WINDOWS\system32\drivers\slabser.sys"
Mon  9 Aug 2004         5,776 A..HR --- "C:\WINDOWS\system32\drivers\slabwh.sys"
Mon  9 Aug 2004         5,776 A..HR --- "C:\WINDOWS\system32\drivers\slabwhnt.sys"
Mon  6 Feb 2006       114,176 A..H. --- "C:\Documents and Settings\j\My Documents\homework\~WRL0805.tmp"
Mon  6 Feb 2006       114,176 A..H. --- "C:\Documents and Settings\j\My Documents\homework\~WRL1287.tmp"
Tue 31 Jan 2006        37,376 A..H. --- "C:\Documents and Settings\j\My Documents\homework\~WRL1613.tmp"
Mon  6 Feb 2006        47,104 A..H. --- "C:\Documents and Settings\j\My Documents\homework\~WRL3251.tmp"
Thu 19 Aug 2004         1,740 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Thu 19 Aug 2004       274,904 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Thu 19 Aug 2004       158,410 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\IAM.reg"
Wed 10 Nov 2004         4,348 ...H. --- "C:\Documents and Settings\j\My Documents\My Music\License Backup\drmv1key.bak"
Sat 23 Feb 2008           782 A..H. --- "C:\Documents and Settings\j\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 19 Dec 2005           576 A.SH. --- "C:\Documents and Settings\j\My Documents\My Music\License Backup\drmv2key.bak"

Finished!

Edited by mike_2000_17: Fixed formatting

0

Hi, we have run VundoFix and it turned up nothing, any other ideas?

thanks

0

Hi, tried both of these last week, they didn't get rid of it?

0

SP1 (6.00.2800.1106)?? Your OS is very old, outdated and very naked on the web - it is a sitting duck without the SP2 security upgrade.
But we must clean you before you upgrade.
Before we go any further please uninstall either Avast or AVG antivirus - they likely will conflict and the result is unpredictable.
Done it? Okay...
[There are traces of Symantec's AV there too but they may be removed later. Oh, there are some bits of McAfee also...!].

Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [BMf7d4f0fe] Rundll32.exe "C:\WINDOWS\System32\mujtijws.dll",s
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O20 - Winlogon Notify: xcttgs - xcttgs.dll (file missing)
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - Unknown owner - c:\program files\mcafee.com\agent\mcdetect.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)

Good. Now go Start, run, and paste in these lines:
sc delete McDetect.exe
sc delete McTskshd.exe
sc delete mcupdmgr.exe
=Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the iPod Service, rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....

Search for and delete this file:
C:\WINDOWS\System32\mujtijws.dll
Check the properties of these two files - if they are unsigned I suggest you delete them:
C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys
-they have hashed filenames and that is suspicious...
Delete this folder:
C:\Program Files\Google\ -it appears to be all that remains of the toolbar? If you have not done so already, then uninstall it [optional, it ain't all bad...]
Go to the Symantec website and dl and run the uninstaller tool for the version of Symantec AV that you had.
Now for that red cross:
I'd like to look at a key in your registry; this will do that, and then delete it.
==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /s >C:\showkey.txt
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /f
start C:\showkey.txt
__________________________________________________________

A black command window will flash and then a notepad should pop on your desktop. If it is blank just say so, else post it. Delete showkey.bat.
Open a fresh explorer window [my computer]....
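
An added example, not part of the reply above and not HijackThis's own code: a small Python triage of HijackThis lines that flags the kinds of entries picked out above (targets marked "(file missing)" or "(no file)", a Run value that loads a DLL through Rundll32, a Winlogon Notify DLL) and builds `sc delete` commands only where the log shows a service name in parentheses. The function names are hypothetical, and treating a missing parenthesised name as "look it up in services.msc" is an assumption of this example; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMf7d4f0fe] Rundll32.exe "C:\WINDOWS\System32\mujtijws.dll",s
O20 - Winlogon Notify: xcttgs - xcttgs.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - Unknown owner - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is gone.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)
# A Run value that starts rundll32 with a DLL path as its first argument.
RUNDLL = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
# O23 body: "Service: <display> [(<name>)] - <owner> - <path>"
SERVICE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)


@dataclass
class Finding:
    code: str
    line: str
    orphaned: bool = False
    reasons: List[str] = field(default_factory=list)
    dll: Optional[str] = None
    service_display: Optional[str] = None
    service_name: Optional[str] = None


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that deserve a manual look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, blank line
        code, body = m.group("code"), m.group("body")
        f = Finding(code=code, line=line)
        if ORPHAN.search(body):
            f.orphaned = True
            f.reasons.append("orphaned: target file no longer exists")
        if code == "O4":
            r = RUNDLL.search(body)
            if r:
                f.dll = r.group("dll")
                f.reasons.append("autorun loads a DLL through rundll32")
        if code == "O20":
            f.reasons.append("Winlogon Notify DLL: review")
        if code == "O23":
            s = SERVICE.match(body)
            if s:
                f.service_display = s.group("display")
                f.service_name = s.group("name")  # None if not shown
        if f.reasons:
            findings.append(f)
    return findings


def sc_delete_commands(findings: List[Finding]):
    """Build 'sc delete' lines for orphaned services.

    Returns (commands, needs_lookup). A service whose log line shows no
    parenthesised name goes to needs_lookup (assumption of this example:
    its exact name has to be read from services.msc first).
    """
    commands, needs_lookup = [], []
    for f in findings:
        if f.code != "O23" or not f.orphaned:
            continue
        if f.service_name:
            name = f.service_name
            commands.append(f'sc delete "{name}"' if " " in name else f"sc delete {name}")
        else:
            needs_lookup.append(f.service_display)
    return commands, needs_lookup


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for item in results:
        print(item.code, "|", "; ".join(item.reasons), "|", item.line)
    print(sc_delete_commands(results))
```
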

0


hi

I followed the instructions up to this point where I entered the specified text into the notepad and saved it on the desktop, I then ran the program and the notepad was blank?? The red x is still present on the c drive

0

Dee, I am still fishing for a solution to this one.... it seems to be the result of a vundo infection. That batch file was to check one possible source of the problem, turns out not to be it, so the notepad was blank [you just did not have that key]. Sometimes you have to be a guinea pig, malwares get improved to stay in the game.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.
Post a fresh hijackthis scan also, please, Dee.

0

Dee, could you also do this please:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /s >C:\showkey.txt
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons" /f
start C:\showkey.txt

If that notepad is not empty then the red cross problem may be solved [you may have to restart...].

0

Hi Gerbil, please find the logs you requested below. I appreciate all the advice you have given as I am new to this - perhaps you can tell me when it's time to cut to the chase and say let's wipe the computer and reload XP, although this is daunting we seem to have had problems for some time - maybe because of the inadequate operating system as you have already indicated. Any advice would be helpful
Many Thanks
Dee

ComboFix 08-04-09.9 - Dee 2008-04-10 16:31:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.79 [GMT 1:00]
Running from: C:\Documents and Settings\Dee\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.

2008-04-08 13:52 . 2008-04-08 13:52 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-04-04 19:36 . 2008-04-04 19:36 <DIR> d-------- C:\Documents and Settings\Dee\Application Data\Malwarebytes
2008-04-04 19:35 . 2008-04-04 21:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-04 19:35 . 2008-04-04 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-04 19:08 . 2008-04-04 19:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-04 14:18 . 2008-04-04 14:18 <DIR> d-------- C:\Documents and Settings\Dee\Application Data\Uniblue
2008-04-04 13:15 . 2008-04-04 13:15 <DIR> d-------- C:\VundoFix Backups
2008-04-04 13:13 . 2008-04-04 13:13 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 15:44 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-09 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-07 11:06 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-04 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 10:22 --------- d-----w C:\Program Files\DivX
2008-04-04 10:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 14:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 12:33 --------- d-----w C:\Documents and Settings\j\Application Data\ppStream
2008-03-02 12:11 --------- d-----w C:\Program Files\Alwil Software
2008-03-01 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-03-01 16:12 24,576 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-24 16:45 --------- d-----w C:\Documents and Settings\Dee\Application Data\TVU networks
2008-02-24 16:37 --------- d-----w C:\Documents and Settings\Dee\Application Data\McAfee
2008-02-21 22:43 --------- d-----w C:\Documents and Settings\j\Application Data\PC Tools
2008-02-21 22:24 --------- d-----w C:\Documents and Settings\j\Application Data\LimeWire
2008-02-21 22:24 --------- d-----w C:\Documents and Settings\j\Application Data\FrostWire
2008-02-21 10:56 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2008-02-21 10:54 93,760 ----a-w C:\WINDOWS\system32\iswsahqf.dll
2008-02-16 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-13 16:59 --------- d-----w C:\Program Files\Picasa2
2008-02-13 16:58 --------- d-----w C:\Program Files\Lavasoft
2006-08-04 22:23 836 ----a-w C:\Documents and Settings\Dee\Application Data\ViewerApp.dat
2007-02-23 19:45 56 --sh--r C:\WINDOWS\system32\8616203188.sys
2007-02-23 19:45 56 --sh--r C:\WINDOWS\system32\B085F86352.sys
2007-07-30 10:51 15,488 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_12.57.54.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-04 05:07:32 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-04 18:09:11 4,259,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-04-04 18:09:11 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-04 05:07:32 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-04 18:08:59 4,259,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-04-04 18:08:59 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-10 15:38:42 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2008-04-04 11:41:00 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-10 15:38:03 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-04 11:41:00 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-10 15:38:03 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-04 11:41:00 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-10 15:38:03 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-10 15:39:00 40,960 ----a-w C:\WINDOWS\Temp\rtdrvmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 08:41 13312]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-13 18:13 579072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-22 21:33 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 15:53 1103752]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" []
"ShowIcon_Justrams_USB Drives Driver v1.19r020"="C:\Program Files\USBDRIVE\shwicon.exe" [2003-02-19 18:47 73728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"iTunesHelper"="D:\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 08:41 13312]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-28 11:30 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2002-11-20 19:50 51200 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xcttgs.sys]
@="Driver"

S0 hgjihjde;hgjihjde;C:\WINDOWS\System32\drivers\hgjihjde.sys []
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 12:12]
S3 jatmlano;jatmlano;C:\DOCUME~1\Dee\LOCALS~1\Temp\jatmlano.sys []
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\System32\DRIVERS\pfc027.sys []
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\System32\DRIVERS\se44bus.sys [2006-07-25 12:52]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 16:39:58
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
.
**************************************************************************
.
Completion time: 2008-04-10 16:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-10 15:55:56
ComboFix2.txt 2008-04-04 12:01:35
Pre-Run: 11,098,509,312 bytes free
Post-Run: 11,129,974,784 bytes free
.
2007-06-18 18:07:41 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:27, on 10/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USBDRIVE\shwicon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sha123.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowIcon_Justrams_USB Drives Driver v1.19r020] "C:\Program Files\USBDRIVE\shwicon.exe" -t"Justrams\USB Drives Driver v1.19r020"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {230C3D02-DA27-11D2-8612-00A0C93EEA3C} (SAXFile FileUpload ActiveX Control) - http://www.winkflash.co.uk/photo/loaders/SAXFile.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.tvlution.com/KooPlayer.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.mediamax.com/Upload/XUpload.ocx
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 8212 bytes

0

Reinstall?? No need to go to that trouble. You have a few problems in there, though. Let's work on them.
=Check the properties of these two files - if they are unsigned I suggest you delete them:
C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys
-they have hashed filenames and that is suspicious... **what did you find for them??

=Delete these files:
C:\WINDOWS\system32\iswsahqf.dll
C:\WINDOWS\System32\drivers\hgjihjde.sys
C:\DOCUME~1\Dee\LOCALS~1\Temp\jatmlano.sys
=Delete this folder:
C:\Documents and Settings\Dee\Application Data\McAfee
=If you did not find that these two files have legit owners then rename them:
C:\WINDOWS\system32\8616203188.sys > C:\WINDOWS\system32\8616203188.sys.old
C:\WINDOWS\system32\B085F86352.sys > C:\WINDOWS\system32\B085F86352.sys.old

==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as fixkey.reg, as type "all files", to your desktop; dclick it to run... agree; if it opens in notepad instead rclick the icon [file], choose Open with, Registry editor....

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xcttgs.sys]

==GET AVG antispyware 7.5 here.. http://free.grisoft.com/doc/5390/lng/us/tpl/v5#avg-anti-spyware-free
-Install it and UPDATE it.
Start AVG a-s 7.5;
-under Scanner/ Settings please change the default action from Recommended Actions to QUARANTINE, and run the complete system scan.
-press Apply all Actions and Save the log file. Post the log file.
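
The checks suggested in the reply above (driver files with meaningless names, no description and no readable file behind them), applied mechanically to the driver and SafeBoot lines of the ComboFix log from this thread. This is an added example, not part of the original posts or of ComboFix; the reading of the `S0`/`S3` prefix as state letter plus start type, of an empty `[]` as a missing file stamp, and the three-reason threshold are assumptions.

```python
import re
from dataclasses import dataclass, field

# Driver lines and the SafeBoot key copied from the ComboFix log in this thread
# (forum markup stripped from the PAC207 line).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xcttgs.sys]
@="Driver"

S0 hgjihjde;hgjihjde;C:\WINDOWS\System32\drivers\hgjihjde.sys []
S3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 12:12]
S3 jatmlano;jatmlano;C:\DOCUME~1\Dee\LOCALS~1\Temp\jatmlano.sys []
S3 PAC207;SoC PC-Camer@;C:\WINDOWS\System32\DRIVERS\pfc027.sys []
S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\System32\DRIVERS\se44bus.sys [2006-07-25 12:52]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
"""

# "<state><start> <service key>;<display name>;<image path> [<file stamp>]"
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<stamp>[^\]]*)\]\s*$"
)
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?P<mode>Minimal|Network)\\(?P<entry>[^\]]+)\]$",
    re.IGNORECASE,
)


@dataclass
class Driver:
    state: str
    start: int
    name: str
    display: str
    path: str
    stamp: str
    reasons: list = field(default_factory=list)


def parse(log):
    """Return (drivers, safeboot_entries) found in a ComboFix-style log."""
    drivers, safeboot = [], []
    for line in log.splitlines():
        line = line.strip()
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m["state"], int(m["start"]), m["name"].strip(),
                                  m["display"].strip(), m["path"].strip(),
                                  m["stamp"].strip()))
            continue
        m = SAFEBOOT_RE.match(line)
        if m:
            safeboot.append((m["mode"], m["entry"]))
    return drivers, safeboot


def assess(d):
    """Collect independent reasons a driver line deserves a closer look."""
    reasons = []
    if not d.stamp:
        reasons.append("no file stamp: image could not be read at scan time")
    if d.display.lower() == d.name.lower():
        reasons.append("no description: display name repeats the service key")
    if re.search(r"\\te?mp\\", d.path, re.IGNORECASE):
        reasons.append("image path is inside a Temp directory")
    if d.start == 0:
        reasons.append("registered as boot-start (start type 0)")
    return reasons


def triage(log, threshold=3):
    """List (item, reasons) for drivers meeting the threshold and for
    safe-mode driver entries that match no driver line in the log."""
    drivers, safeboot = parse(log)
    findings = []
    for d in drivers:
        d.reasons = assess(d)
        if len(d.reasons) >= threshold:
            findings.append((d.path, d.reasons))
    images = {d.path.rsplit("\\", 1)[-1].lower() for d in drivers}
    for mode, entry in safeboot:
        if entry.lower().endswith(".sys") and entry.lower() not in images:
            findings.append((f"SafeBoot\\{mode}\\{entry}",
                             ["safe-mode driver entry with no matching driver line"]))
    return findings


if __name__ == "__main__":
    for item, reasons in triage(SAMPLE_LOG):
        print(item)
        for reason in reasons:
            print("   -", reason)
```

A single reason is weak on its own (the camera and NETGEAR setup drivers also lack a file stamp), which is why the script only reports lines where several reasons coincide.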

0

Hi, I have been able to delete:
C:\WINDOWS\system32\iswsahqf.dll
C:\Documents and Settings\Dee\Application Data\McAfee

But can not find any of the .sys files
8616203188.sys
B085F86352.sys
hgjihjde.sys
jatmlano.sys

None of these files are there? I've enabled "view hidden files/folders" and still cannot find any of these .sys files either by looking manually or searching for them??
The Reg file ran ok
And here are the results from the AVG Scan.
Thanks!!!

C:\Documents and Settings\Dee\Cookies\dee@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\j\Cookies\j@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@stat.onestat[2].txt -> TrackingCookie.Onestat : No action taken.
C:\Documents and Settings\j\Cookies\j@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\j\Cookies\j@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@revsci[2].txt -> TrackingCookie.Revsci : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\j\Cookies\j@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\j\Cookies\j@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@statcounter[2].txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.109:C:\Documents and Settings\j\Application Data\Mozilla\Firefox\Profiles\brn2w5t5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.110:C:\Documents and Settings\j\Application Data\Mozilla\Firefox\Profiles\brn2w5t5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.111:C:\Documents and Settings\j\Application Data\Mozilla\Firefox\Profiles\brn2w5t5.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\j\Cookies\j@anad.tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\j\Cookies\j@anat.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\j\Cookies\j@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\j\Cookies\j@m.webtrends[1].txt -> TrackingCookie.Webtrends : No action taken.
C:\Documents and Settings\Dee\Cookies\dee@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.

0

==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix -that is, to a folder or your desktop.

Killall::

File::
C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys
C:\WINDOWS\system32\iswsahqf.dll
C:\WINDOWS\System32\drivers\hgjihjde.sys 
C:\DOCUME~1\Dee\LOCALS~1\Temp\jatmlano.sys

Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start, let it run, if your firewall prompts then allow all; post the log.

0

Hi Gerbil
As you requested please find the combo fix log below
Thanks for your help
Dee


ComboFix 08-04-09.9 - Dee 2008-04-12 8:41:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.71 [GMT 1:00]
Running from: C:\Documents and Settings\Dee\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dee\Desktop\CFScript.txt 12.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\Dee\LOCALS~1\Temp\jatmlano.sys
C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys
C:\WINDOWS\System32\drivers\hgjihjde.sys
C:\WINDOWS\system32\iswsahqf.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\8616203188.sys
C:\WINDOWS\system32\B085F86352.sys

.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-11 14:19 . 2008-04-11 14:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-11 14:19 . 2008-04-11 14:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-11 08:28 . 2008-04-11 08:28 <DIR> d-------- C:\Documents and Settings\Dee\Application Data\Grisoft
2008-04-11 08:28 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-08 13:52 . 2008-04-08 13:52 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2008-04-04 19:36 . 2008-04-04 19:36 <DIR> d-------- C:\Documents and Settings\Dee\Application Data\Malwarebytes
2008-04-04 19:35 . 2008-04-04 21:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-04 19:35 . 2008-04-04 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-04 19:08 . 2008-04-04 19:08 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-04 14:18 . 2008-04-04 14:18 <DIR> d-------- C:\Documents and Settings\Dee\Application Data\Uniblue
2008-04-04 13:15 . 2008-04-04 13:15 <DIR> d-------- C:\VundoFix Backups
2008-04-04 13:13 . 2008-04-04 13:13 <DIR> d-------- C:\Program Files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 08:22 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-11 07:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-11 07:06 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-11 06:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-04-09 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-04 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-04 10:22 --------- d-----w C:\Program Files\DivX
2008-04-04 10:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-02 14:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 12:33 --------- d-----w C:\Documents and Settings\j\Application Data\ppStream
2008-03-02 12:11 --------- d-----w C:\Program Files\Alwil Software
2008-03-01 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-02-24 16:45 --------- d-----w C:\Documents and Settings\Dee\Application Data\TVU networks
2008-02-21 22:43 --------- d-----w C:\Documents and Settings\j\Application Data\PC Tools
2008-02-21 22:24 --------- d-----w C:\Documents and Settings\j\Application Data\LimeWire
2008-02-21 22:24 --------- d-----w C:\Documents and Settings\j\Application Data\FrostWire
2008-02-16 15:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-13 16:59 --------- d-----w C:\Program Files\Picasa2
2008-02-13 16:58 --------- d-----w C:\Program Files\Lavasoft
2006-08-04 22:23 836 ----a-w C:\Documents and Settings\Dee\Application Data\ViewerApp.dat
2007-07-30 10:51 15,488 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_12.57.54.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-04 05:07:32 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-04-04 18:09:11 4,259,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-04-04 18:09:11 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-04-04 05:07:32 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-04-04 18:08:59 4,259,840 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-04-04 18:08:59 155,648 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2008-04-12 08:21:21 53,248 ----a-w C:\WINDOWS\PSEXESVC.EXE
- 2008-04-04 11:41:00 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-12 07:47:53 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-04 11:41:00 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-12 07:47:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-04 11:41:00 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-12 07:47:53 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 08:41 13312]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 15:43 57344]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-02-13 18:13 579072]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-22 21:33 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57 282624]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 15:53 1103752]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" []
"ShowIcon_Justrams_USB Drives Driver v1.19r020"="C:\Program Files\USBDRIVE\shwicon.exe" [2003-02-19 18:47 73728]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"iTunesHelper"="D:\iTunesHelper.exe" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 08:41 13312]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-28 11:30 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2002-11-20 19:50 51200 C:\WINDOWS\system32\narrator.exe]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli


.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 09:21:39
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\system32\tsd32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avginet.exe
.
**************************************************************************
.
Completion time: 2008-04-12 9:37:00 - machine was rebooted [Dee]
ComboFix-quarantined-files.txt 2008-04-12 08:36:10
ComboFix2.txt 2008-04-10 15:56:47
ComboFix3.txt 2008-04-04 12:01:35
Pre-Run: 11,022,360,576 bytes free
Post-Run: 11,118,088,192 bytes free
.
2007-06-18 18:07:41 --- E O F ---

0

Ok, that run found and deleted two of those files, the others are not present now. Your sys looks clean now. And still the red cross?
For a final check could you do this please:
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner. Repeat in other users' accounts.
[For future quick temp file cleaning select the options you wish to use via the Windows and Applications tabs ..]
==Please use IE to do an online scan at panda:- http://www.pandasoftware.com/products/activescan?
-select a link to the scan... free online virus scan...., enter a valid? email and follow through, choosing My Computer for a full system scan.
Post the log it produces here.

0

Hi Gerbil
Ran the tasks you asked and following this the computer was slower than usual starting up and even slower trying to access the internet. Red cross still present and here is a log for the panda
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-13 10:12:26
PROTECTIONS: 1
MALWARE: 37
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus 7.1.410 7.1.410 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\software\classes\protocols\name-space handler\res
00040415 adware/wintools Adware No 0 Yes No hkey_classes_root\protocols\name-space handler\res
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@atdmt[2].txt
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Dee\Desktop\SDFix.zip[SDFix/apps/Process.exe]
00139535 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Dee\Desktop\SDFix\SDFix\apps\Process.exe
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\j\Cookies\j@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@fastclick[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Chris\Cookies\chris@mediaplex[1].txt
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1162\A0325215.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1162\A0325207.sys
02894143 Bck/Agent.HTK Virus/Trojan No 0 Yes No C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir[Setup.exe]
02902395 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\vloijwlh.dll.vir
02902412 Trj/Downloader.SSM Virus/Trojan No 0 Yes No C:\Documents and Settings\Dee\Desktop\SDFix\SDFix\backups\backups.zip[backups/mrofinu1188.exe.tmp]
02902684 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ixkfrpab.dll.vir
02904332 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\qblwisvm.dll.vir
02904333 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\hpyfyeyi.dll.vir
02904333 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\lypukbas.dll.vir
02906063 Bck/VB.ABN Virus/Trojan No 0 Yes No D:\jmusic\jmusic\SopCast v2.0.4.zip[Setup.exe]
02906063 Bck/VB.ABN Virus/Trojan No 0 Yes No D:\jmusic\jmusic\Sopcast Online TV - Vista capable.zip[Setup.exe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location X
3J
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description X
3J
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Thanks
Dee

0

Discounting the cookie detections and pests in quarantine, Dee, [delete C:\Qoobox and SDFix...] we are left with these:
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\software\classes\protocols\name-space handler\res
00040415 adware/wintools Adware No 0 Yes No hkey_classes_root\protocols\name-space handler\res
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1162\A0325215.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{833EE25F-3A47-41DF-B27D-017FE19594C7}\RP1162\A0325207.sys
02906063 Bck/VB.ABN Virus/Trojan No 0 Yes No D:\jmusic\jmusic\SopCast v2.0.4.zip[Setup.exe]
02906063 Bck/VB.ABN Virus/Trojan No 0 Yes No D:\jmusic\jmusic\Sopcast Online TV - Vista capable.zip[Setup.exe]

So. Delete:
D:\jmusic\jmusic\SopCast v2.0.4.zip[Setup.exe]
D:\jmusic\jmusic\Sopcast Online TV - Vista capable.zip[Setup.exe]

Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
Double-click that file to install the application and ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything is checked, and click Remove Selected.
Post the Notepad log [it is also saved under Logs tab in MBAM].

Do not use System Restore if at all avoidable because there is a pest in there and we don't want it let out again. When your sys is safer we will clean your restore points.

0

Hi Gerbil
Please find the log as requested. One other problem has occurred: there seems to be no sound from the speakers. Will investigate further and report back. Thanks for your help
Dee


Malwarebytes' Anti-Malware 1.11
Database version: 623

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 79822
Time elapsed: 44 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 19
Files Infected: 297

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:

Files Infected:
C:\Documents and Settings\Dee\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Updater\2364\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dee\Application Data\VideoEgg\Updater\2364\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Publisher\2556\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater\2364\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrew\Application Data\VideoEgg\Updater\2364\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.

0

Dee, VideoEgg possibly supplanted some of your Audio sys files, like perhaps the driver. Antimalware removed files. eg this codec was deleted as infected: avcodec.dll - you may wish to dl a fresh copy.
Go to Device Management, Sound and Video.., and check that the Audio is working, that you have a driver loaded, not the legacy drivers but something like Realtek AC97.
For example, rclick Audio Codecs and check properties.. there may be a dozen or so codecs listed there. If one is shown as not working then use the Update driver button. Or use the troubleshooter.
Let's clear all your system restore points because some have been infected.... go control panel > system > system restore tab, check Turn off sys res on all drives, Apply and OK. Do it all again but uncheck that box, Apply and OK.
[[a quick way in is Start > run, paste: control sysdm.cpl,,4 -and OK]]
Now make a fresh, clean restore point: Start > programs > accessories > system tools > system restore and create a restore point now!!
And I still don't have a fix for your red cross...

0

Hi gerbil, made a new restore point and restored the sound. Found some info on helpero.com about getting rid of the red cross, it told me to do the following:
1. Open a new Notepad document file and copy the following code (copy and paste using your mouse)

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]

2. Click 'Format' in Notepad and be sure that Word Wrap is not enabled.

3. Click File, Save as..., and enter (including quotation marks) the filename: "RedIcon.REG".

4. Exit Notepad.

5. Double click your new created file and agree to the registry merge when asked.

I did this and the red X disappeared, have I solved the problem?

Checked the device manager, all drivers were OK but one of the 'other devices' called 'CIF single chip' had an exclamation mark next to it and it said I needed to reinstall the driver. I tried to do this but to no avail, is this a problem? Also when I browse the internet on my user, I consistently get pop ups claiming to be from Spybot S&D saying that I was trying to download 'double click' or 'Avenue A Inc' and said it was a known threat and whether I wanted to stop this, I click yes but the popups continue to occur? Any ideas? Do you think I am ready to update my operating system and if so what's the best way to do this?
Thanks for your help dee

0

Groan.... Way back in post #8 I gave you a similar reg file to delete a key, except that I had a space included in mine. Drive Icons, yours is DriveIcons.
Life, eh? I wish M$ could sort out whether spaces are important in Registry names... they are, but I really dunno why.
CIF Single Chip is for your webcam. I can't tell why it will not update the driver. Uninstall, reinstall.
Sp2 upgrade? Best is to dl from the M$ site the file for "professional" installation. http://www.microsoft.com/downloads/details.aspx?familyid=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en
This is the file: WindowsXP-KB835935-SP2-ENU.exe
You will note on that page that they recommend you use the M$updates path which is an automatic installation procedure - fine if you have a fast link. I prefer to go by the exe path, save the file to disk and then install..
http://technet2.microsoft.com/windowsserver/en/library/c050419b-98a2-4802-b719-629a33a332391033.mspx?mfr=true is the M$ guide for installation, note that on this page they recommend to dl and save the file! :)
So it should be straightforward.... dl and save the file, disconnect from the net, BACKUP, disable or uninstall your AV, close all other apps and run the file WindowsXP-KB835935-SP2-ENU.exe
If it works and your sys is fine, start up your AV, your firewall and immediately get the updates from M$updates.

0

Hi Gerbil
Thanks for all your help and advice, will try what you suggested.
Dee

0

Glad to be of some use, Dee. Dunno why I put that space in DriveIcons. I just checked my sys and explorer.exe checks for the key DriveIcons. Not Drive Icons. I guess I am just too used to putting spaces between words when I type. Sorry for the time wasted.
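
The check below is an added example, not part of the thread. It parses a .reg file before it is merged and reports what each key deletion would do against a list of keys known to exist, which catches both the redundant subkey lines in the RedIcon.REG above and the "Drive Icons" versus "DriveIcons" near-miss described in the replies. The key inventory and the spaced file are constructed for illustration, and the function names are hypothetical.

```python
import re

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _logical_lines(text):
    """Yield non-empty, non-comment lines, joining hex continuations ending in '\\'."""
    buf = ""
    for raw in text.splitlines():
        ln = raw.strip()
        if ln.endswith("\\") and not ln.startswith("["):
            buf += ln[:-1]
            continue
        ln, buf = buf + ln, ""
        if ln and not ln.startswith(";"):
            yield ln
    if buf:
        yield buf

def parse_reg(text):
    """Return (header, ops); each op is (action, key, value_name)."""
    lines = list(_logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing REGEDIT4 / version 5.00 header")
    ops, current = [], None
    for ln in lines[1:]:
        if ln.startswith("[") and ln.endswith("]"):
            key = ln[1:-1]
            if key.startswith("-"):          # [-KEY] removes the key and its subkeys
                ops.append(("delete_key", key[1:], None))
                current = None
            else:
                current = key
                ops.append(("open_key", key, None))
            continue
        m = VALUE_RE.match(ln)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            action = "delete_value" if m.group(2).strip() == "-" else "set_value"
            ops.append((action, current, name))
    return lines[0], ops

def norm(key):
    # Registry key names are case-insensitive; whitespace is significant.
    return key.lower().rstrip("\\")

def squash(key):
    return re.sub(r"\s+", "", norm(key))

def review(text, existing_keys):
    """Classify each key deletion: will_delete, redundant, near_miss or no_such_key."""
    existing = {norm(k) for k in existing_keys}
    by_squash = {squash(k): k for k in existing_keys}
    findings, deleted = [], []
    for action, key, _ in parse_reg(text)[1]:
        if action != "delete_key":
            continue
        k = norm(key)
        parent = next((orig for d, orig in deleted if k.startswith(d + "\\")), None)
        if parent is not None:
            findings.append(("redundant", key, parent))      # parent delete already covers it
        elif k in existing:
            findings.append(("will_delete", key, None))
            deleted.append((k, key))
        elif squash(key) in by_squash:
            findings.append(("near_miss", key, by_squash[squash(key)]))  # differs only by spaces
        else:
            findings.append(("no_such_key", key, None))
    return findings

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"

# Constructed inventory of keys present on the machine (e.g. from an export).
EXISTING_KEYS = [
    BASE + r"\DriveIcons",
    BASE + r"\DriveIcons\c",
    BASE + r"\DriveIcons\c\DefaultIcon",
]

# The file from the post above, as given on the page.
RED_ICON_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]
"""

# Constructed from the description of the earlier file: same key, with a space.
SPACED_REG = "REGEDIT4\n\n[-" + BASE + "\\Drive Icons]\n"

if __name__ == "__main__":
    for label, text in (("RedIcon.REG", RED_ICON_REG), ("spaced variant", SPACED_REG)):
        print(label)
        for verdict, key, detail in review(text, EXISTING_KEYS):
            print("  %-12s %s%s" % (verdict, key, "  (see: %s)" % detail if detail else ""))
```

A `near_miss` verdict means the merge would report success while leaving the real key in place, which matches what happened with the earlier file.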
