Avast WEBforum
Other => Viruses and worms => Topic started by: Sirconversation on July 15, 2009, 08:25:50 AM
-
Hi everyone..... I'd Really Appreciate some Help on Resolving.
I'm Using the Main Administrative Account On my Pc and initially Noticed A browser Jacker Taking Over IE Occasionally ,
Currently When i Launch the Avast Splash and it performs the Memory scan... it then advises me.....
" Access is Denied "
...Splash cannot Execute the following Program:
C:Downloads\Avasthomeedition 4.6\download.application\ashsimple.exe
If i perform a restart i can occasionally get the avast scanner to launch but it will then close after about 4-7 minutes into a full scan then will advise me of "Access Denied" as i mention Prior.
My Internet Explorer if currently Unavailable to be launched IE 8 ... I've uninstalled & went back to IE7 in a effort to bypass and IE8/IE7 are unable to reinstall after advising it hasnt been installed and i need to restart and then right click "trouble Shoot" from my IE Shortcut on my desk top... Which is no longer available after my Uninstall..
Since i cant launch IE I've been using the latest version of Firefox which Is unable to run the "Onecare online virus scanner" But i am aware of the following Viruses which i've Manually tried to remove but havent located the Main Backdoor Virus which Re-Launches them.
The Viruses or Suspected Viruses are as follow:
lsass.exe
alg.exe
wuauclt
freddy49.exe
mstre19.exe
c:\windows\system32trz10.tmp
winzip32.ex_
pws:win32/daurso.gen!a
koobface
My System Information is the following :
OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
Processor x86 Family 15 Model 2 Stepping 9 GenuineIntel ~2394 Mhz
SMBIOS Version 2.3
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
Total Physical Memory 2,048.00 MB
Available Physical Memory 1.06 GB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 2.23 GB
I've Used the " Panda Active Scan 2.0" (only scanner i found on firefox for free) online scanner to locate the Major threats & allowed it to remove or attempt to remove the issues...
Yet My Avast wont launch properly and when i do get it to launch i do a bootscan and restart immediately to resolve... Yet after a few or another restart of the PC the avast will then go back to a " Access Denied' Issue.
What can i do or what other information is needed to Help Resolve this issue....
Thanks a lot in advance.
-
You could try Avira rescue cd, which will scan your pc without booting windows.It will not remove anything, but rename the extensions.I don't think it produces a log, so you will have to note any findings.
Then run Malwarebytes and SAS to remove anything found.
http://forum.avira.com/wbb/index.php?page=Thread&postID=730130#post730130 (http://forum.avira.com/wbb/index.php?page=Thread&postID=730130#post730130)
http://filehippo.com/download_malwarebytes_anti_malware/ (http://filehippo.com/download_malwarebytes_anti_malware/)
http://filehippo.com/download_superantispyware/ (http://filehippo.com/download_superantispyware/)
Please post any findings
-
Hi Sirconversation,
Try a boot time scan with avast! Right click the scanner screen, select 'schedule a boot time scan' and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)
Try a scan with DrWeb CureIT! (http://www.freedrweb.com/cureit/)
Try the usual free adware/spyware scanners.
SUPERAntiSpyware Free (http://www.superantispyware.com/)
a-Squared Free (http://www.emsisoft.com/en/software/free/)
Malwarebytes' Anti-Malware (http://www.malwarebytes.org/)
-
@micky77 ......... Thanks I'll try those last 2 links you provided....I reviewed all 3 and with the rescue scan my concern is finding a Clean Pc... with the rash of virus's and hacks i've noticed in the news and i'm sure you guys had a few days head notice i'd probably only trust a pc right out the box right about now or a MAC lol.. If u have any other tips i appreciate or online scanners i can run independently without install would be great
Thanks for the rapid reply
-
HI freewheelin franks
Thanks for the reply also..... I have tried to launch the avast Splash screen to access the boot scan... and after the memory test is performed it will then say " Access Denied" and then close avast...After a restart or few...... i will gain access of avast and will be able to perform a boot scan which i mention in my prior post.....but even after doin this a few times and over a few HRs.... the same issue Occurs and then Blocks access to avast as again & Unable to Load or Reinstall IE 7/8. ?? Any added tips? ....... i Am tryin the links u provided to resolve and will Repost the Results in a few.
Appreciated
-
I'd definitely look at MBAM. You may need to rename the installer package to get it to install, and possibly the main exe to get it to update/run after installtion.
Are you really running Avast 4.6?
That one has been out of date for a while. Get the latest, 4.8.1335.
-
@Tarq57....... Thanks I'll google Mbam or a good link if you ( anyone has one available) .... I'm Currently running Build : Feb2009 (4.8.1335)
I've Been Using Avast For years... So Anytime it updates or Installs the latest Version I'd Often Put it in my Avast Folder Which reflects that Older version name but the older versions are Extracted and updated upon New Installs to my Belief ? Could this be a Issue or just Superficial?
Appreciated
-
FreewheelinFrank posted a link to MBAM above. Micky77 posted a link for the same program, different mirror. (Either site is fine.)
Regarding your program run location. I actually dont' know if this could be a problem. I think it may be.
I usually have the program run from its default location and keep downloaded files (installers etc) in a different folder completely.
It would seem that possibly there is some confusion from within the program as to what is supposed to run, possibly caused by the path.
The "C:Downloads\Avasthomeedition 4.6\download.application\ashsimple.exe" causes a bit of puzzlement and suspicion to me. I mean, why is 4.6 still trying to run? Maybe it's because the version of "ashsimple" hasn't actually changed since 4.6, while other aspects of the program have.
But I don't think so. My one is titled ashSimp.exe and the version # is 4.8.1335.
It is even possible your version of Avast may not be the real thing.
PS it is also possible, of course, that the malware is corrupting/modifying the error message, and your installation mayy be otherwise fine.
I just don't know enough to be sure. Something worth checking out, though.
-
@Targ57.....Thanks again for the tips and rapid reply..
I'm Checkin Each of the prior links/Programs by micky77 & FreewheelinFrank
I started out with Malwarbytes and just completed the quick scan with the results posted below... I will also check out the other links if the issue isn't resolved... I didn't want to Run too many programs which may conflict or interrupt each other... So I'll Definitely advise which worked and the results of each if possible till fixed.. All the help is appreciated from Everyone.
As for the Name of the folder... I've Recently Updated Avast Renewals & From everything i've checked it Seems to be Legit.. I would Often create a Subfolder of the most recent Version in that Intial Folder to Keep track & find it quick on downloads of newer versions.
Should I try to uninstall and re-DownLoad Avast ?? and how will that affect my License Key if any affect at all??? & should i use the Control Panel Add/Remove program or the Avast Uninstall option in the folder itself. ??
I am able to access the Avast Icon in my tool bar and go into the menu options and get the information such as the version which is " version # is 4.8.1335. Version 4.8 Home Edition... That information i accessed thru the " About Avast " option.
The main issue is when i launch the Antivirus Scanner ... after doin the memory check to launch the interface... it would then advise " Access Denied" and the prior information i mentioned...
Thanks again
I will post the Malwarebytes Log in the next few links since i'm limited to a 1000 key limit
-
Malwarebytes' Anti-Malware 1.39
Database version: 2432
Windows 5.1.2600 Service Pack 3
7/15/2009 5:48:42 AM
mbam-log-2009-07-15 (05-48-33).txt
Scan type: Quick Scan
Objects scanned: 185304
Time elapsed: 1 hour(s), 28 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 56
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 23
Files Infected: 167
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> No action taken.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
-
Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bbd4551a-9b23-41cd-9bcd-818aa2da7b63} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{674de1aa-facf-47a5-a4cf-9ef05f9a1b2a} (Trojan.FakeAlert) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchwbbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\mywebsearchwbbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> No action taken.
-
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{46c166aa-3108-11d4-9348-00c04f8eeb71}\inprocserver32\(default) (Hijack.Hnetcfg) -> Bad: (\\?\globalroot\systemroot\installer\f3d0ce2.msi) Good: (hnetcfg.dll) -> No action taken.
Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\PopSwatr (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\PopSwatr\History (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\Work.Hm.Pc\Application Data\VideoEgg (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Data (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Loader (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Publisher (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520 (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4665 (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Updater (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> No action taken.
Files Infected:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> No action taken.
C:\Documents and Settings\Work.Hm.Pc\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> No action taken.
c:\program files\mywebsearch\bar\History\search (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\settings.htm (Adware.MyWebSearch) -> No action taken.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> No action taken.
c:\program files\funwebproducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Data\report.log (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\publisher.ver (Adware.VideoEgg) -> No action taken.
-
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\avcodec.dll (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\crashRpt.dll (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\lame_enc.dll (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\libcurlve.dll (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\libpng.dll (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\zlib.dll (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
-
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> No action taken.
-
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> No action taken.
-
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> No action taken.
-
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> No action taken.
-
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\application data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> No action taken.
c:\documents and settings\Work.Hm.Pc\local settings\Temp\cd15E3.tmp (Heuristics.Malware) -> No action taken.
C:\Program Files\Common\helper.sig (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\DRIVERS\str.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\0101120101465752.dat (Worm.KoobFace) -> No action taken.
I Have Since Taken the Suggested Option By Malwarebytes & Deleted/Quarantine these FIles and Restarted the PC
The Same Issue with Launchin the Avast Splash Has Occurred !
-
Quickly run this program, it will take seconds http://filehippo.com/download_hijackthis/ (http://filehippo.com/download_hijackthis/)
Then post that first
Choose scan and save a log file, copy/paste the txt log. Then I would run MBAM quick scan again, should be lots quicker. Then run SAS and post both logs. I get the feeling, something is still lurking
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:04 AM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Downloads\avasthomeedition 4.6\download.application\aswUpdSv.exe
C:\Downloads\avasthomeedition 4.6\download.application\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Downloads\avasthomeedition 4.6\download.application\ashMaiSv.exe
C:\Downloads\avasthomeedition 4.6\download.application\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\DOWNLO~1\AVASTH~1.6\DOWNLO~1.APP\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\IE7-WindowsXP-x86-enu.exe
c:\6f9b93bb5472ded60bfb76c4564c7fa5\update\iesetup.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
-
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
-
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] C:\DOWNLO~1\AVASTH~1.6\DOWNLO~1.APP\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [eFax 4.1] "C:\Program Files\eFax Messenger 4.1\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: eFax 4.1.lnk = C:\Program Files\eFax Messenger 4.1\J2GTray.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
-
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab27571.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scanner/SysProExe.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://128.121.20.15:1995/talk.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab27571.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/StandardInstall/static/controls/WebflowActiveXInstaller_4-2-0.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Downloads\avasthomeedition 4.6\download.application\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Downloads\avasthomeedition 4.6\download.application\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Downloads\avasthomeedition 4.6\download.application\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Downloads\avasthomeedition 4.6\download.application\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 13657 bytes
-
@micky77....... Thanks.... After the restart and i noticed the issue with the avast i started a thorough scan with Malwarebytes .......I will post the results when its complete and try sas as well
-
I'm having the same problem on one of our stations. Microsoft turned off Avast! to do an update on this station then didn't turn it back on and the user had no idea it had happened (a good reason to have a password on Avast!...doh!)
When I try to start Avast! It begins a memory scan then the splash screen disappears and I have nothing. I tried running the AshAvast.exe file from explorer and that's when I get the "access denied" warning. Same thing with Spybot S&D. I copied the AshAvast.exe to another drive from one of my other stations and it will run from the remote drive.
I'm using the list on this thread http://forum.avast.com/index.php?topic=37795.0 to try and get rid of it. I'll post if this procedure gets rid of it and takes care of the problem.
-
@Sirconversation
Having a Quick Scan take 1 hour(s), 28 minute(s), 1 second(s) indicates a slow system.
What is the CPU type and speed and how much RAM does the system have?
@DeliriousGA
Please start you own topic by selecting NEW TOPIC in the viruses and worms area to have you situation handled individually as having two situations in one topic can become confusing.
-
@YoKenny ....... Thanks
My System Information is the following :
OS Name Microsoft Windows XP Home Edition
Version 5.1.2600 Service Pack 3 Build 2600
Processor x86 Family 15 Model 2 Stepping 9 GenuineIntel ~2394 Mhz
SMBIOS Version 2.3
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
Total Physical Memory 2,048.00 MB
Available Physical Memory 1.06 GB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 2.23 GB
I Mentioned this in the Initial Posting.... Or Is there Something I'm Leaving out/or Different System Spec's you would need...
Processor Intel(R) Pentium(R) 4 CPU 2.40GHz
Processor Speed 2.34 GHz
Memory (RAM) 2048 MB
Operating System Microsoft Windows XP Home Edition
Operating System Version 5.1.2600
Does this help ??? Posting it in a Different format ?
I just completed the Thorough scan and that took
Objects scanned: 410993
Time elapsed: 3 hour(s), 54 minute(s), 42 second(s) Using Malwarebytes
-
@DeliriousGA Thanks and hope this post helps or yours with mines...
I wasnt concerned with locking avast with a password due to the computer status and usage.. Appreciate the input & tips
-
Doing everything on that list did get rid of the viruses, but Avast is still locked out with the "Access denied" message you're getting.
After 6 hours of wasted time trying to get rid of the problem I've decided to just format and start from scratch.
-
;D
-
So Objects scanned: 410993 seems like an awful lot of objects and with only a P4 CPU 2.40GHz explains the slowness of the scan and the hard drive specifications are probably slow as well.
Did you let MBAM get rid of the infections like?
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
-
YoKenny@ Yea thanks...
I allowed MBAM to quarantine and delete those files.... Same issue with the Avast ashe screen to launch as well as IE 7/8 to complete Reinstall ....
Yea Running a 2.40 GHz Plenty Of ram added The Pc isn't set for High Performance more day to day convenience and Moderate Applications ... From what I've been reading and browsing... seems like Microsoft is letting a few more things affect XP to help promote upgrades to vista or windows 7 ... More like Promoting Mac's
Should i Uninstall Avast Completely or run a repair install from the main site?
Or what Options are left to Get Avast to run correctly and without the "Access Denied" aspect and to Regain IE 7/8 to properly Install ??
Thanks
-
Should i Uninstall Avast Completely or run a repair install from the main site?
Go to Control Panel > Add/Remove programs > avast! antivirus > Remove. Then choose Repair function in the popup window (Repair).
If this does not help, can you uninstall / boot / install / boot again?
Or what Options are left to Get Avast to run correctly and without the "Access Denied" aspect and to Regain IE 7/8 to properly Install ??
Some access denied errors could be avoided running avast at boot time (schedule it).
-
@DeliriousGA... Thanks.. Glad to hear u got that partially Resolved... But Formatting at this point wouldn't be a Option for me at this point... Be free to let me know if you come across any Nuggets of info that resolved or corrected your issue thanks.
-
@Tech........ Thanks alot
I've attempted a Repair using that method when i initially came across the issue... But i have not Tried that since i used MRAM so i will try that as soon as i complete this other scanner i was referred and with the 2.40GHz processing i should be finishing sooner then later hopefully since i'm not running a Light Speed Pc at this time lol... After its complete i shall restart after the repair has initiated it.
As for the boot scan.... I am unable to launch the display which schedules the Boot scan after the memory test.... after the intial memory test the " Access Denied " pops up and then advises to press ok and closes the Display.... After a few restarts i am able to get in and schedule a boot scan... which takes about 2-3 hrs with my current configuration
So after posting the results of the next scan .... i shall restart after the "Repair option"
then try the " Uninstall /boot / install /boot again "
I greatly appreciate the Help ...
-
As for the boot scan.... I am unable to launch the display which schedules the Boot scan after the memory test.... after the intial memory test the " Access Denied " pops up and then advises to press ok and closes the Display.... After a few restarts i am able to get in and schedule a boot scan... which takes about 2-3 hrs with my current configuration
Just run (with admin rights): C:\Program Files\ALWIL Software\Avast4\sched.exe /A:"*" /archives
-
Regarding IE, does it install, but fails to browse ? Or fail to install.?There are several more scanners/tools you could try
Run this in safe mode http://www.freedrweb.com/cureit/ (http://www.freedrweb.com/cureit/)
This runs in safe mode by default http://www.bleepingcomputer.com/forums/topic131299.html (http://www.bleepingcomputer.com/forums/topic131299.html)
Online scanners http://housecall.trendmicro.com/uk/ (http://housecall.trendmicro.com/uk/)
http://www.eset.com/onlinescan/ (http://www.eset.com/onlinescan/)
http://www.kaspersky.co.uk/virusscanner (http://www.kaspersky.co.uk/virusscanner)
I could not see anything obvious in the HJT log, see if anything is found by the scanners
-
Recently Ran the Avast Cleaner and here are the Results
avast! Virus Cleaner Tool - version 1.0.211 Unicode
Creating log file: C:\Downloads\aswclnr.log
7/15/2009, 2:21:48 PM
Memory scanning started...
No virus body found in memory.
Memory scanning finished (32.2s).
----------
Files scanning started...
C:\Documents and Settings\ Work.Hm.Pc\Application Data\Mozilla\Firefox\Profiles\x928iapl.default\places.sqlite-journal... file could not be scanned!
C:\Documents and Settings\ Work.Hm.Pc\Local Settings\Temp\etilqs_DErOJ8WFIZT0PkQpYXrt... file could not be scanned!
C:\Documents and Settings\ Work.Hm.Pc\Local Settings\Temp\Perflib_Perfdata_b80.dat... file could not be scanned!
C:\Documents and Settings\ Work.Hm.Pc\Local Settings\Temp\Perflib_Perfdata_bbc.dat... file could not be scanned!
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log... file could not be scanned!
C:\WINDOWS\SYSTEM32\CatRoot2\edbtmp.log... file could not be scanned!
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb... file could not be scanned!
No virus body found.
Files scanning finished (323698 files, 0 infected, 7308.6s).
Drives scanned: C:
----------
-
@micky77.......
IE Fails to Install Completely .....Advises Unable to install... Restart Pc and right Click trouble shoot from the IE shortcut on my Desk Top... Which is no longer there Due to me deleting IE8 to install IE7.... in an attempt to Run Onecare Online scanner to resolve the Issue .... I will Attempt the Online scanners first... I'm currently Running active scan 2.0 from pandasecurity . I didn't want to down load too many anti virus programs back to back and have them trip over each other... So i would run in sequential order and track the results from there
I did try housecall.trendmicro.com/uk/ since that was one of the first and most familiar scanners i came across and that was also how i was able to recognize Koobface quicker
So i will retry and appreciated
-
I have seen Koobface removed successfully with the programs you have used ( mbam and sas ) Possibly your problem lies deeper. I think its worth trying the Drweb, (safe mode ) SDfix and Avira rescue disc ( even if not from a clean pc ) All three have some degree in rootkit exposure. ( not that I am saying you have a rootkit )
-
Running AOHell bloatware is another way to slow down a system.
BroadJump Client Foundation is a big bloated application that is part of AOhell I believe:
http://www.auditmypc.com/process/cdf.asp
http://forums.techarena.in/networking-security/1195648.htm
-
@micky77
i did have a Rootkit ... i thought i had gotten them all in some prior scans prior to this issue
After my restart and bootscan avast located & advised was infected
C:Documents and Setting\ Guest \Local\Setting\Temp\TFR8.tmp
Infected By win32:Rootkit - Gen [rtx]
i wrote that down from the boot scan options and advised it to delete.
I will try Drweb & post the results .... finished up a few of the other scans after a few hrs and boot scans and all so came back clear for a bit .... but my avast latent sensor did go off right before i wrote this reply for 3 diff tmp files
Here is a recent avast log list
Task 'Resident protection' used
* Started on Wednesday, July 08, 2009 2:41:40 PM
* VPS: 090708-0, 07/08/2009
*
C:\WINDOWS\system32\iehelper.dll [L] Win32:Rootkit-gen [Rtk] (0)
File was successfully moved to chest...
C:\DOCUME~1\TARRIC~1.WAL\LOCALS~1\Temp\installb[1].exe [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\wfcdqr[1].htm [L] Win32:Tiny-II [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\flvjj[1].htm [L] Win32:Tiny-II [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\fcdzd[1].htm [L] Win32:Tiny-II [Trj] (0)
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\ccznrrs[1].txt\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\FYTTVGML\vfcggulym[1].htm [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\kpepb.exe\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\egtau.exe [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\TPMRSLHZ\ccznrrs[1].txt\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\Documents and Settings\Work.Hm.Pc\Local Settings\Temporary Internet Files\Content.IE5\TPMRSLHZ\vfcggulym[1].htm [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
C:\kpepb.exe\[UPX] [L] Win32:Wali [Cryp] (0)
File was successfully deleted...
C:\egtau.exe [L] Win32:Fraudo [Trj] (0)
File was successfully deleted...
*
* Task stopped: Saturday, July 11, 2009 6:18:20 PM
* Run-time was 3 day(s), 3 hour(s), 36 minute(s), 40 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 6:41:08 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:07:29 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:12:26 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:16:00 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:21:16 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:28:29 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:33:42 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:40:18 PM
* VPS: 090710-0, 07/10/2009
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Saturday, July 11, 2009 7:56:10 PM
* VPS: 090710-0, 07/10/2009
*
C:\WINDOWS\SYSTEM32\WBEM\proquota.exe [L] Win32:Trojan-gen {Other} (0)
File was successfully deleted...
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\MXYS876U\be.15[1].exe\[UPX] [L] Win32:Koobface-P [Wrm] (0)
File was successfully deleted...
C:\DOCUME~1\Guest\LOCALS~1\Temp\vcru_1247360817.exe\[UPX] [L] Win32:Koobface-P [Wrm] (0)
File was successfully deleted...
*
* Task stopped: Sunday, July 12, 2009 10:01:13 PM
* Run-time was 1 day(s), 2 hour(s), 5 minute(s), 3 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 1:54:49 AM
* VPS: 090712-0, 07/12/2009
*
*
* Task stopped: Monday, July 13, 2009 2:10:26 AM
* Run-time was 15 minute(s), 37 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 2:12:03 AM
* VPS: 090712-0, 07/12/2009
*
*
* Task stopped: Monday, July 13, 2009 2:12:24 AM
* Run-time was 21 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 1:06:06 PM
* VPS: 090712-0, 07/12/2009
*
*
* Task stopped: Monday, July 13, 2009 1:23:23 PM
* Run-time was 17 minute(s), 17 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 1:24:46 PM
* VPS: 090712-0, 07/12/2009
*
*
* Task stopped: Monday, July 13, 2009 2:13:13 PM
* Run-time was 48 minute(s), 27 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 2:14:35 PM
* VPS: 090713-0, 07/13/2009
*
*
* Task stopped: Monday, July 13, 2009 2:31:42 PM
* Run-time was 17 minute(s), 7 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 2:33:18 PM
* VPS: 090713-0, 07/13/2009
*
C:\WINDOWS\nbron_1247513665.exe [L] Win32:LdPinch-CYW [Trj] (0)
File was successfully deleted...
*
* Task stopped: Monday, July 13, 2009 4:48:49 PM
* Run-time was 2 hour(s), 15 minute(s), 31 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 4:50:26 PM
* VPS: 090713-0, 07/13/2009
*
*
* Task stopped: Monday, July 13, 2009 5:01:34 PM
* Run-time was 11 minute(s), 8 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Monday, July 13, 2009 5:02:57 PM
* VPS: 090713-0, 07/13/2009
*
*
* Task stopped: Tuesday, July 14, 2009 3:53:55 PM
* Run-time was 22 hour(s), 50 minute(s), 58 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, July 14, 2009 3:55:23 PM
* VPS: 090714-0, 07/14/2009
*
*
* Task stopped: Tuesday, July 14, 2009 5:14:34 PM
* Run-time was 1 hour(s), 19 minute(s), 11 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, July 14, 2009 5:16:04 PM
* VPS: 090714-0, 07/14/2009
*
*
* Task stopped: Tuesday, July 14, 2009 5:22:26 PM
* Run-time was 6 minute(s), 22 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Tuesday, July 14, 2009 9:01:12 PM
* VPS: 090714-0, 07/14/2009
*
*
* Task stopped: Wednesday, July 15, 2009 5:54:05 AM
* Run-time was 8 hour(s), 52 minute(s), 53 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Wednesday, July 15, 2009 5:55:35 AM
* VPS: 090714-0, 07/14/2009
*
*
* Task stopped: Wednesday, July 15, 2009 7:03:58 PM
* Run-time was 13 hour(s), 8 minute(s), 23 second(s)
*
*
* avast! Report
* This file is generated automatically
*
* Task 'Resident protection' used
* Started on Wednesday, July 15, 2009 10:47:05 PM
* VPS: 090715-0, 07/15/2009
-
@YoKenny..... Yea i got rid of AOHell bloatwar i didnt see much use in it but didnt see any harm in it either but gone now Thanks