PDA

View Full Version : Need help with virtumonde and virtumonde.prx



victor6er
2008-09-13, 19:35
I run spybot and it finds these everytime but doesn't fix them. I am attaching my hijackthis log. The program keeps me out of yahoo email and any results from good until I do a scan in safe mode but it always comes back.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33, on 2008-09-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

--
End of file - 1979 bytes

victor6er
2008-09-13, 21:50
Here's my antiMalware log - complete scan before removal

Malwarebytes' Anti-Malware 1.28
Database version: 1145
Windows 5.1.2600 Service Pack 2

2008-09-13 13:28:03
mbam-log-2008-09-13 (13-27-55).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 195347
Time elapsed: 1 hour(s), 37 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 15
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 17
Files Infected: 199

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\byXQKEUK.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\vthwby.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifdcdbt (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{55737035-1b75-48dd-a4d8-66155d8ac7a3} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ddc91be-e480-4fc4-9657-09b9ec00aff5} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8ddc91be-e480-4fc4-9657-09b9ec00aff5} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{966d6066-6858-41dc-ac0c-5a305b9118da} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{966d6066-6858-41dc-ac0c-5a305b9118da} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{332b3115-4b81-4e04-9579-2fc084e5007d} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{332b3115-4b81-4e04-9579-2fc084e5007d} (Trojan.BHO.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\byxqkeuk -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\byxqkeuk -> No action taken.

Folders Infected:
C:\Program Files\Common Files\Yourprivacyguard (Rogue.Yourprivacyguard) -> No action taken.
C:\WINDOWS\SYSTEM32\905757 (Trojan.BHO) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Yourprivacyguard (Rogue.Yourprivacyguard) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Yourprivacyguard\Logs (Rogue.Yourprivacyguard) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Data (Adware.VideoEgg) -> No action taken.

Files Infected:
C:\WINDOWS\system32\iifdcdBT.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\byXQKEUK.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\KUEKQXyb.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\KUEKQXyb.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\vthwby.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\wpgxhscf.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\SYSTEM32\fcshxgpw.ini (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Administrator.EXPERIENCE\Local Settings\Temporary Internet Files\Content.IE5\YPQ1WP69\silent.dll[1].bak (Trojan.BHO.H) -> No action taken.
C:\WINDOWS\SYSTEM32\rcilqhjp.dll (Trojan.Vundo) -> No action taken.
C:\temp\Ahead Nero v8.3.2.1 (''Ahead.Nero.v8.3.2.1.Incl.NE\keygen.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\sccs.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\intelOP.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\css.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\ppxcs.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\e9bdd4jg.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\ajmzh432.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\stv5b4il.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\vrerk4c1.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\ouw6dk96.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\x32brfn5.exe (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\sfsrv.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\IXP001.TMP\Setup.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SJ2F9PZU\4683lt[1].exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SJ2F9PZU\scom[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\HIT6O2JA\IMSP[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\KADHUAP7\cstuff[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1IYH6VT7\proxit[1].exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Owner\Desktop\backups\backup-20080603-223256-800.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Administrator.EXPERIENCE\Local Settings\Temporary Internet Files\Content.IE5\MIA9BMK3\4k4t[1].dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator.EXPERIENCE\Local Settings\Temporary Internet Files\Content.IE5\MIA9BMK3\nd82m0[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator.EXPERIENCE\Local Settings\Temporary Internet Files\Content.IE5\YPQ1WP69\CAQBUZEX (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator.EXPERIENCE\Local Settings\Temporary Internet Files\Content.IE5\YPQ1WP69\upd105320[1] (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Administrator.EXPERIENCE\Local Settings\Temporary Internet Files\Content.IE5\WJGSGXKD\kb678031[1] (Trojan.Vundo) -> No action taken.
D:\temp\Ahead Nero v8.3.2.1 (''Ahead.Nero.v8.3.2.1.Incl.NE\keygen.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Common Files\Yourprivacyguard\mc.exe (Rogue.Yourprivacyguard) -> No action taken.
C:\Documents and Settings\Owner\Application Data\Yourprivacyguard\Logs\update.log (Rogue.Yourprivacyguard) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> No action taken.
C:\Documents and Settings\Owner\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> No action taken.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> No action taken.
C:\WINDOWS\BM2a1726df.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM2a1726df.txt (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Owner\My Documents\My Music\My Music.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Owner\Local Settings\Temp\s1265.php (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner\MediaTubeCodec_ver1.1463.0.exe (Trojan.FakeAlert) -> No action taken.

victor6er
2008-09-13, 21:51
After removal with AntiMalware
logfile...

Malwarebytes' Anti-Malware 1.28
Database version: 1145
Windows 5.1.2600 Service Pack 2

2008-09-13 13:45:51
mbam-log-2008-09-13 (13-45-46).txt

Scan type: Quick Scan
Objects scanned: 98150
Time elapsed: 14 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{332b3115-4b81-4e04-9579-2fc084e5007d} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{332b3115-4b81-4e04-9579-2fc084e5007d} (Trojan.BHO.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator.EXPERIENCE\Local Settings\Temporary Internet Files\Content.IE5\YPQ1WP69\silent.dll[1].bak (Trojan.BHO.H) -> No action taken.

victor6er
2008-09-13, 22:11
And it seems that's as far as I can get.

At this moment logfile...

Malwarebytes' Anti-Malware 1.28
Database version: 1145
Windows 5.1.2600 Service Pack 2

2008-09-13 14:09:06
mbam-log-2008-09-13 (14-09-01).txt

Scan type: Quick Scan
Objects scanned: 98104
Time elapsed: 12 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{332b3115-4b81-4e04-9579-2fc084e5007d} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{332b3115-4b81-4e04-9579-2fc084e5007d} (Trojan.BHO.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator.EXPERIENCE\Local Settings\Temporary Internet Files\Content.IE5\YPQ1WP69\silent.dll[1].bak (Trojan.BHO.H) -> No action taken.

victor6er
2008-09-17, 23:45
Anybody?

Do NOT run 'FIXES' before helpers have analyzed HJT log (http://forums.spybot.info/showthread.php?t=16806 )

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days (http://forums.spybot.info/showthread.php?t=1137)