WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Resolved] Browsers Won't Connect After Using MalWareBytes

Started by Infam247 , Sep 28 2009 01:09 PM

This topic is locked

18 replies to this topic

#1 Infam247

New Member

Authentic Member
14 posts

Posted 28 September 2009 - 01:09 PM

I had antivirus pro 2009's trojan menace my laptop and used Malwarebytes' Anti Malware to remove it successfully, but when I rebooted, though I had a strong wireless internet connection, my browser still refused to pull up any websites. How can I rectify this issue? *Unfortunately, confident in the abilities of the Malwarebytes software, I neglected to save the log of the cleaning that wiped out the trojan. Hopefully I can still be assisted though.

Advertisements

Register to Remove

#2 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 28 September 2009 - 06:42 PM

Open Malwarebytes and at the top, select Logs.
Open the log from the scan you ran and post the scan results here.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#3 Infam247

New Member

Authentic Member
14 posts

Posted 28 September 2009 - 11:36 PM

OKAY THANKS, HERE'S THE LOG: ------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.41 Database version: 2775 Windows 5.1.2600 Service Pack 2 9/28/2009 1:25:57 PM mbam-log-2009-09-28 (13-25-57).txt Scan type: Quick Scan Objects scanned: 107603 Time elapsed: 1 hour(s), 25 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 34 Registry Values Infected: 2 Registry Data Items Infected: 1 Folders Infected: 19 Files Infected: 287 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22e1eff7-d8dd-4bbc-9ce8-87edbe8c1a40} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{22e1eff7-d8dd-4bbc-9ce8-87edbe8c1a40} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{22e1eff7-d8dd-4bbc-9ce8-87edbe8c1a40} (Trojan.Vundo.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Tool (Fake.SystemTool) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Tool (Fake.SystemTool) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\Infamy\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Program Files\Windows Police Pro (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\iehelper.dll (Trojan.Vundo.H) -> Delete on reboot. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\nimboappyo.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\uchgfgfuoj.exe (Trojan.Dropper) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\winivsetup.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\bebo_tv_watermark_1.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted copy.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Data\Resources\gid329\cid1124\bebo03\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Documents and Settings\Infamy\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully. C:\Program Files\Windows Police Pro\ANTI_files.exe (Rogue.WindowsPolicePro) -> Quarantined and deleted successfully. C:\Program Files\wwgpfs\clffsysguard.exe (Fake.SystemTool) -> Delete on reboot. C:\WINDOWS\system32\rotscxfdpvfyey.dll (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\rotscxjwieomik.dll (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\rotscxkdhyxxwt.dll (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\rotscxmhefukqh.dat (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\rotscxxcsejmtl.dll (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\rotscxxnhamusy.dat (Rootkit.TDSS) -> Delete on reboot. C:\WINDOWS\system32\drivers\rotscxajvylkcg.sys (Rootkit.TDSS) -> Delete on reboot.

#4 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 29 September 2009 - 05:46 AM

You have / had a (Rootkit.TDSS) on-board.
These are always very hard to remove without the infection corrupting system files.

Download ComboFix from one of these locations:
You can save it to a thumb drive and transfer it to the infected PC.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.

Note: Combofix will run without the Recovery Console installed.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#5 Infam247

New Member

Authentic Member
14 posts

Posted 29 September 2009 - 10:04 AM

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Also please describe how your computer behaves at the moment.

#3 is going to be an issue for me and it says to alert you if that's the case. Also, I have newly acquired softwares for malware removal, so I don't want my system automatically running anything each time I reboot. Can I run combofix.exe without those 2 things happening? Or is there another way to reinstate my browsers' connection with the internet?

#6 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 29 September 2009 - 12:35 PM

I'll answer your question tonite when I get home.
I suggest you read this:
http://windowssecret...Autorun-attacks

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#7 Infam247

New Member

Authentic Member
14 posts

Posted 29 September 2009 - 12:53 PM

I read it, but if Autorun.inf is only a threat if you insert CDs or removable drives with a virus/worm/trojan etc., in my personal case, I don't think that it's a threat for me. I'm rarely ever loading software from CDs or removeable drives, and if ever I install any CD it's from a highly credible publisher.

#8 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 30 September 2009 - 05:29 AM

Then run the fix. We can restore the autorun.inf after the scan.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#9 Infam247

New Member

Authentic Member
14 posts

Posted 30 September 2009 - 08:31 AM

I started to run the fix and apparently the issue that has disrupted my browsers effects combofix as well because it couldn't download the windows piece in the beginning even though my Internet connection is strong

#10 Infam247

New Member

Authentic Member
14 posts

Posted 30 September 2009 - 09:15 AM

ComboFix 09-09-28.01 - Infamy 09/30/2009 10:28.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.758.266 [GMT -4:00]
Running from: c:\documents and settings\Infamy\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\bmk2x0bt.2hu
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\jkvbe0fh.vpk
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\pgorjmvo.i55
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\vwegfdvw.iur
c:\documents and settings\Infamy\Start Menu\Programs\Uninstall.lnk
c:\windows\Downloaded Program Files\RdxIE.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rotscxtyxcbeuk
-------\Service_rotscxtyxcbeuk

((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-28 15:49 . 2009-09-28 15:49 -------- d-----w- c:\documents and settings\Infamy\Application Data\Malwarebytes
2009-09-28 15:15 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 15:15 . 2009-09-28 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 15:15 . 2009-09-28 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 15:15 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 03:19 . 2009-09-28 12:59 -------- d-----w- C:\$AVG8.VAULT$
2009-09-28 03:10 . 2009-09-28 03:10 -------- d-----w- c:\program files\AVG
2009-09-28 03:10 . 2009-09-28 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-28 03:03 . 2009-09-28 03:03 -------- d-----w- c:\documents and settings\Infamy\Application Data\AVG8
2009-09-28 02:41 . 2009-09-28 17:29 -------- d-----w- c:\program files\wwgpfs
2009-09-24 03:28 . 2009-09-24 03:28 -------- d-----w- c:\program files\iPod
2009-09-23 08:46 . 2009-09-23 08:46 -------- d-----w- c:\documents and settings\Infamy\Application Data\Antares
2009-09-23 07:06 . 2009-09-23 09:00 -------- d-----w- c:\program files\Antares Audio Technologies
2009-09-23 06:58 . 2003-06-20 17:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll
2009-09-23 06:52 . 2009-09-23 06:52 -------- d-----w- c:\program files\Common Files\reFX
2009-09-14 23:22 . 2009-09-16 16:07 -------- d-----w- c:\documents and settings\Infamy\Local Settings\Application Data\Yahoo!
2009-09-12 05:40 . 2009-09-12 05:40 -------- d-----w- c:\documents and settings\Infamy\TruePianos Settings
2009-09-12 05:37 . 2009-09-12 05:39 -------- d-----w- c:\documents and settings\Infamy\Application Data\Cakewalk
2009-09-12 05:24 . 2009-09-12 05:24 -------- d-----w- c:\program files\Common Files\Native Instruments
2009-09-12 04:33 . 2006-02-24 14:00 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2009-09-12 04:32 . 2009-09-23 09:01 -------- d-----w- C:\Cakewalk Projects
2009-09-12 04:32 . 2009-09-12 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk
2009-09-12 04:32 . 2009-09-12 05:19 -------- d-----w- c:\program files\Cakewalk
2009-09-11 00:25 . 2009-09-11 00:25 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-09 19:29 . 2009-09-09 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 02:04 . 2005-06-04 13:09 72704 ----a-w- c:\windows\system32\ra3228_8.dll
2009-09-08 02:04 . 2005-06-04 13:09 21504 ----a-w- c:\windows\system32\ra32dnet.dll
2009-09-08 02:04 . 2005-06-04 13:08 87040 ----a-w- c:\windows\system32\ra32sipr.dll
2009-09-08 02:04 . 2005-06-04 13:08 487936 ----a-w- c:\windows\system32\rmbe3260.dll
2009-09-08 02:04 . 2005-06-04 13:09 131072 ----a-w- c:\windows\system32\pneng50.dll
2009-09-08 02:04 . 2005-06-04 13:09 352768 ----a-w- c:\windows\system32\pngu3263.dll
2009-09-08 02:04 . 2005-06-04 13:09 81920 ----a-w- c:\windows\system32\ra3214_4.dll
2009-09-08 02:04 . 2005-06-04 13:11 85504 ----a-w- c:\windows\system32\encdnet.dll
2009-09-08 02:04 . 2005-06-04 13:09 61952 ----a-w- c:\windows\system32\decdnet.dll
2009-09-08 02:04 . 2005-06-04 13:09 130560 ----a-w- c:\windows\system32\pnc3250.dll
2009-09-08 02:00 . 2005-05-10 00:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2009-09-08 02:00 . 2002-11-25 18:46 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2009-09-08 02:00 . 2009-09-08 02:00 -------- d-----w- c:\program files\Syncrosoft
2009-09-08 01:36 . 2009-09-08 01:36 368640 ----a-w- c:\windows\system32\ReWire.dll
2009-09-08 01:36 . 2009-09-08 01:36 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2009-09-08 01:12 . 2009-09-08 01:12 -------- d-----w- c:\documents and settings\Infamy\Local Settings\Application Data\Tech_Coderz
2009-09-05 12:14 . 2009-09-05 12:14 -------- d-----w- c:\windows\system32\custom matrices
2009-09-05 12:14 . 2009-09-05 12:15 -------- d-----w- c:\windows\system32\C2MP
2009-09-05 12:14 . 2009-09-05 12:14 -------- d-----w- c:\windows\system32\QuickTime
2009-09-05 12:13 . 2009-09-05 14:39 -------- d-----w- c:\documents and settings\Infamy\Application Data\vlc
2009-09-05 12:03 . 2009-09-05 12:03 -------- d-----w- c:\program files\VideoLAN
2009-09-03 21:54 . 2009-09-03 21:54 -------- d-----w- c:\documents and settings\All Users\CyberLink
2009-09-03 21:35 . 2009-09-03 21:35 -------- d-----w- c:\documents and settings\Infamy\Application Data\CyberLink
2009-09-03 21:33 . 2009-09-03 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-09-03 21:24 . 2009-09-08 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-09-03 21:24 . 2009-09-03 21:24 -------- d-----w- c:\program files\SmartSound Software
2009-09-03 21:15 . 2009-09-03 21:27 -------- d-----w- c:\program files\CyberLink
2009-09-03 21:12 . 2009-09-03 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 03:29 . 2007-06-30 21:07 -------- d-----w- c:\program files\iTunes
2009-09-24 03:28 . 2007-10-25 17:11 -------- d-----w- c:\program files\Common Files\Apple
2009-09-23 07:31 . 2006-05-15 05:58 -------- d-----w- c:\program files\Steinberg
2009-09-16 16:08 . 2009-08-29 16:45 -------- d-----w- c:\program files\Free FLV Converter
2009-09-12 06:28 . 2006-05-18 00:30 85008 ----a-w- c:\documents and settings\Infamy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 05:23 . 2006-05-22 23:47 -------- d-----w- c:\program files\Native Instruments
2009-09-12 03:26 . 2006-05-15 21:37 -------- d-----w- c:\program files\Java
2009-09-12 03:03 . 2006-05-15 05:50 -------- d-----w- c:\program files\Image-Line
2009-09-11 15:39 . 2006-05-15 06:07 -------- d-----w- c:\program files\Google
2009-09-11 14:21 . 2006-05-22 03:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-09 21:24 . 2006-05-16 05:34 -------- d-----w- c:\documents and settings\Infamy\Application Data\Apple Computer
2009-09-09 21:07 . 2009-07-30 03:26 -------- d-----w- c:\program files\QuickTime
2009-09-09 20:38 . 2009-08-24 10:12 -------- d-----w- c:\documents and settings\Infamy\Application Data\Lala Music Mover
2009-09-08 02:14 . 2007-12-22 18:23 -------- d-----w- c:\documents and settings\Infamy\Application Data\Steinberg
2009-09-08 02:12 . 2006-05-17 19:32 -------- d-----w- c:\program files\Lx_cats
2009-09-08 01:39 . 2006-09-19 01:16 -------- d-----w- c:\documents and settings\Infamy\Application Data\Propellerhead Software
2009-09-08 01:36 . 2006-09-18 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Propellerhead Software
2009-09-03 21:32 . 2006-05-15 07:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-28 23:42 . 2009-07-30 03:20 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 23:42 . 2007-10-25 17:12 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-19 07:36 . 2009-08-29 16:46 299008 ----a-w- c:\windows\system32\TubeFinder.exe
2009-08-11 20:21 . 2009-08-11 20:21 87552 ----a-w- c:\windows\system32\ac3config.exe
2009-08-04 15:58 . 2009-08-04 15:58 802603 ----a-w- c:\windows\system32\ff_x264.dll
2009-08-04 15:57 . 2009-08-04 15:57 557003 ----a-w- c:\windows\system32\libmplayer.dll
2009-08-04 13:07 . 2009-08-04 13:07 4455179 ----a-w- c:\windows\system32\libavcodec.dll
2009-07-29 23:10 . 2009-07-29 23:10 829781 ----a-w- c:\windows\system32\xvidcore.dll
2009-07-14 13:19 . 2009-07-14 13:19 425040 ----a-w- c:\windows\system32\TomsMoComp_ff.dll
2009-07-14 12:31 . 2009-07-14 12:31 146098 ----a-w- c:\windows\system32\libmpeg2_ff.dll
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2005-06-26 22:32 . 2006-05-08 18:07 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 05:37 . 2006-05-24 17:37 45568 --sha-r- c:\windows\system32\cygz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-02-22 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-02-22 126976]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2005-01-21 167936]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2005-01-14 184320]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-04-27 69632]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-10 185896]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
"iLike"="c:\program files\iLike\1.2.14\ilikesidebar.exe" [2008-09-11 63024]

c:\documents and settings\Infamy\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
M-Audio Ozone Control Panel Launcher.lnk - c:\program files\M-Audio Ozone\OZTask.exe [2003-1-31 98304]
Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-5-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2005-01-18 16:48 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi2"=usbnz1x1.dll
"midi3"=usbnz1x1.dll
"midi5"=usbnz1x1.dll
"midi7"=usbnz1x1.dll
"midi9"=usbnz1x1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153132310\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153132310\\ee\\aim6.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Infamy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Infamy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 6:26 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 ma763008;M-Audio Ozone;c:\windows\system32\drivers\MA763008.sys [5/15/2006 2:05 AM 30464]
R3 USBNZ1X1;M-Audio Ozone Midi;c:\windows\system32\drivers\usbnz1x1.sys [5/15/2006 2:05 AM 22272]
S2 gupdate1c8c87fc3a3c1b0;Google Update Service (gupdate1c8c87fc3a3c1b0);c:\program files\Google\Update\GoogleUpdate.exe [7/10/2008 5:29 PM 133104]
S3 MADFU008;MADFU008;c:\windows\system32\drivers\MADFU008.sys [5/15/2006 2:05 AM 16640]
.
Contents of the 'Scheduled Tasks' folder

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-10 22:07]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-10 22:07]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-261478967-725345543-1003Core.job
- c:\documents and settings\Infamy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-22 19:14]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-261478967-725345543-1003UA.job
- c:\documents and settings\Infamy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-22 19:14]

2009-09-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - d:\unmatc~1\Other\Programs\MI31D0~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Infamy\Application Data\Mozilla\Firefox\Profiles\v8qpepxc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\Infamy\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Infamy\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPJPI150_10.dll
FF - plugin: c:\program files\Java\jre1.5.0_10\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint_.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{6AA8684D-86B4-4022-9E3D-3C045823FE73} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
ShellExecuteHooks-{F89688C0-370E-4E5D-A473-299B383A41E5} - (no file)
ShellExecuteHooks-{BD804BDD-9A9E-45F5-B9CD-99832A48603C} - c:\windows\system32\WMDima.dll
AddRemove-Reason Adapted M-Audio Express_is1 - d:\unmatched productions library\Producing Files\Programs\Reason Adapted M-Audio Express\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 10:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

c:\windows\TEMP\TMP00000032E2853191E094636F 524288 bytes executable

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CakewalkPlugIns\Ê:âëüMpªê **]
"Description"="Cakewal"
"HelpFilePath"=""
"HelpFileTopic"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2040)
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\M-Audio Ozone\Install\ozinst.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\igfxext.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-09-30 11:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-30 15:07

Pre-Run: 28,076,912,640 bytes free
Post-Run: 29,974,691,840 bytes free

310

Advertisements

Register to Remove

#11 Infam247

New Member

Authentic Member
14 posts

Posted 30 September 2009 - 05:00 PM

Okay, couple of issues I have to resolve: 1. How can I reinstall autorun.inf now that the browsers work again? 2. My computer no longer recognizes my external hard drive, and when I go to explore I can't find it.

Edited by Infam247, 30 September 2009 - 05:14 PM.

#12 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 30 September 2009 - 06:42 PM

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\bmk2x0bt.2hu
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\jkvbe0fh.vpk
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\pgorjmvo.i55
c:\documents and settings\Infamy\Local Settings\Temporary Internet Files\vwegfdvw.iur
c:\documents and settings\Infamy\Start Menu\Programs\Uninstall.lnk
c:\windows\Downloaded Program Files\RdxIE.dll

Combofix didn't find autorun.inf or it would be shown in what it removed.

2. My computer no longer recognizes my external hard drive, and when I go to explore I can't find it.

That sounds more like a USB driver is missing. We can deal with that later.

Do you know what this program is?
c:\program files\wwgpfs

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#13 Infam247

New Member

Authentic Member
14 posts

Posted 30 September 2009 - 07:10 PM

If it didn't disable it how come it doesn't work anymore? And no I don't but I see it now

#14 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 30 September 2009 - 07:16 PM

Are there any files in that program?

Do a file search for autorun.inf

This should repair autoplay
Autoplay Repair Wizard
http://www.microsoft...;DisplayLang=en

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#15 Infam247

New Member

Authentic Member
14 posts

Posted 30 September 2009 - 07:57 PM

The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occured because the DLL C:\WINDOWS\system32\HHCTRL.OCX occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contact for a new DLL. I ran the autofix and it seems to have fixed the issue for one drive I was having a problem with but it instructed me to logoff and then back on and this error came up as soon as it did. What would cause that?

Body Background

skin color theme