Kitz ADSL Broadband Information
Author Topic: search.conduit.com - taken over the browsers and AVG - Help!  (Read 9472 times)

geep

  • Reg Member
  • ***
  • Posts: 452
    • My ST546 Statistics
search.conduit.com - taken over the browsers and AVG - Help!
« on: December 29, 2010, 02:56:36 PM »

Hi,
I've just been trying to help my sister, via LogMeIn.com, to set up her wireless network security for a new laptop.
After logging on to her desktop PC I find that both Firefox and IE7 contain a URL which starts with:
http://search.conduit.com

We don't know where it has come from, and we can't type any other address into the address bar.
(We means me via LogMeIn.com and also my brother-in-law sitting at the remote PC).
Also, don't seem to be able to select any browser configuration options either - but not 100% sure on that and now connection to remote PC is lost for the moment.

Suspecting a virus, we tried running a virus scan with AVG. The AVG window appears, all options appear OK
but AVG seems blocked when we click on the option to run a scan - nothing happens.

It's possible to select Firefox or IE7, and minimize/maximize, but we can't end them.
I tried to shut the PC down, but that hangs with a message saying it can't close Firefox.
So we've done a forced shutdown with the power switch.

A notable thing is that during a previous session on the PC, RealPlayer requested, and completed, an update.
Probably coincidence?

I see various references to search.conduit.com via Google, and it all seems bad.
Anybody any definitive advice ?

Googling I can see several references, and tools to download and clean.
e.g. from  http://malwaresolution.com/m14/search-conduit-com-removal.html
I'm VERY wary of such things, so any recommendations based on actual experience welcome.

Cheers,
Peter
 

 
Logged

tuftedduck

  • Senior Kitizen
  • ******
  • Posts: 29658
  • Router Luvvin Duck
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #1 on: December 29, 2010, 04:27:16 PM »

I suspect that the computer in question has been infected by Win32:Trojan-gen .

What antimalware programs are there available other than AVG ?
You need something powerful like Malwarebytes.

Can you get on-line to http://www.malwarebytes.org/mbam.php and download the free version ( by hitting the blue button ) , install, update and run it. Let it get rid of anything it finds.

If you cannot achieve that, you may have to run a Hijackthis ( http://free.antivirus.com/hijackthis/ ) report and lay that in front of an expert analyst such as CaptainSpyware ( John McKenna ) who would guide you through the cleaning process..........but try Malwarebytes first.........and avoid the product highlighted in your linky.



Logged

geep

  • Reg Member
  • ***
  • Posts: 452
    • My ST546 Statistics
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #2 on: December 29, 2010, 09:21:27 PM »

@tuftedduck - thanks, we seem to be back to normal now.
Malwarebytes found and removed something that looked very nasty - I didn't note the name unfortunately.
AVG had already started working again, and a full scan didn't reveal anything horribly bad.
Neither did AdAware.
Then Malwarebytes seemed to do the trick. Fingers crossed.

Cheers,
Peter
Logged

tuftedduck

  • Senior Kitizen
  • ******
  • Posts: 29658
  • Router Luvvin Duck
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #3 on: December 30, 2010, 07:11:14 AM »

Good news, geep,...........let's hope the problem is resolved.. :fingers:

It would be a good idea to run another Malwarebytes scan fairly soon, just in case, as some of these trojans can replicate themselves and crop up again.

You mention Ad-Aware. That is now talked of as being a very weak program and ineffective against anything more serious than tracking cookies.
It may be worth removing it and relying on Malwarebytes.......to my way of thought Ad-Aware is very dangerous to the extent that it gives a false sense of security whilst doing not very much.
Logged

UncleUB

  • Helpful
  • Senior Kitizen
  • *
  • Posts: 29543
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #4 on: December 30, 2010, 07:29:32 AM »

Quote
Malwarebytes found and removed something that looked very nasty - I didn't note the name unfortunately.

Malwarebytes usually logs a copy of each scan

Click on > Logs. You should then be able to copy and paste it on here.
Logged

geep

  • Reg Member
  • ***
  • Posts: 452
    • My ST546 Statistics
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #5 on: December 31, 2010, 08:47:16 PM »

There were hundreds of .png files removed in VideoEgg directories - they're omitted here else the log is too big to post.
I used grep -vn ".png" to get rid of them from this listing, which includes line numbers of the original log.

1:Malwarebytes' Anti-Malware 1.50.1.1100
2:www.malwarebytes.org
3:
4:Database version: 5417
5:
6:Windows 5.1.2600 Service Pack 3
7:Internet Explorer 8.0.6001.18702
8:
9:29/12/2010 19:31:11
10:mbam-log-2010-12-29 (19-31-11).txt
11:
12:Scan type: Quick scan
13:Objects scanned: 280086
14:Time elapsed: 42 minute(s), 22 second(s)
15:
16:Memory Processes Infected: 0
17:Memory Modules Infected: 0
18:Registry Keys Infected: 27
19:Registry Values Infected: 0
20:Registry Data Items Infected: 1
21:Folders Infected: 35
22:Files Infected: 687
23:
24:Memory Processes Infected:
25:(No malicious items detected)
26:
27:Memory Modules Infected:
28:(No malicious items detected)
29:
30:Registry Keys Infected:
31:HKEY_CLASSES_ROOT\CLSID\{168DC258-1455-4E61-8590-9DAC2F27B675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
32:HKEY_CLASSES_ROOT\VideoEgg.ActiveXLoader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
33:HKEY_CLASSES_ROOT\CLSID\{1A8642F1-DC80-4EDC-A39D-0FB62A58B455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
34:HKEY_CLASSES_ROOT\CLSID\{3F91EB90-EF62-44EE-A685-FAC29AF111CD} (Adware.VideoEgg) -> Quarantined and deleted successfully.
35:HKEY_CLASSES_ROOT\CLSID\{5C29C7E4-5321-4CAD-BE2E-877666BED5DF} (Adware.VideoEgg) -> Quarantined and deleted successfully.
36:HKEY_CLASSES_ROOT\CLSID\{83DFB6EE-AB18-41B5-86D4-B544A141D67E} (Adware.VideoEgg) -> Quarantined and deleted successfully.
37:HKEY_CLASSES_ROOT\CLSID\{88D6CF0E-CF70-4C24-BF6E-E4E414BC649C} (Adware.VideoEgg) -> Quarantined and deleted successfully.
38:HKEY_CLASSES_ROOT\CLSID\{8F6A82A2-D7B1-443E-BB9F-F7DC887DD618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
39:HKEY_CLASSES_ROOT\CLSID\{9856E2D8-FFB2-4FE5-8CAD-D5AD6A35A804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
40:HKEY_CLASSES_ROOT\CLSID\{A3D06987-C35E-49E4-8FE2-AC67B9FBFB4C} (Adware.VideoEgg) -> Quarantined and deleted successfully.
41:HKEY_CLASSES_ROOT\CLSID\{A58C497B-3EE2-45E7-9594-DACA6BE2A0D0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
42:HKEY_CLASSES_ROOT\CLSID\{AD0A3058-FD49-4F98-A514-FD055201835E} (Adware.VideoEgg) -> Quarantined and deleted successfully.
43:HKEY_CLASSES_ROOT\CLSID\{AD5915EA-B61A-4DBA-B5C8-EF4B2DF0A3C7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
44:HKEY_CLASSES_ROOT\CLSID\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
45:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
46:HKEY_CLASSES_ROOT\CLSID\{BB187C0D-6F53-4F3E-9590-98FD3A7364A2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
47:HKEY_CLASSES_ROOT\CLSID\{C5041FD9-4819-4DC4-B20E-C950B5B03D2A} (Adware.VideoEgg) -> Quarantined and deleted successfully.
48:HKEY_CLASSES_ROOT\CLSID\{D17726CC-D4DD-4C4A-9671-471D56E413B5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
49:HKEY_CLASSES_ROOT\CLSID\{DB8CCE99-59C6-4552-8BFC-058FEB38D6CE} (Adware.VideoEgg) -> Quarantined and deleted successfully.
50:HKEY_CLASSES_ROOT\CLSID\{DC3A04EE-CDD7-4407-915C-A5502F97EECD} (Adware.VideoEgg) -> Quarantined and deleted successfully.
51:HKEY_CLASSES_ROOT\CLSID\{E1A63484-A022-4D42-830A-FBD411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
52:HKEY_CLASSES_ROOT\CLSID\{E282C728-189D-419E-8EE2-1601F4B39BA5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
53:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
54:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D032570A-5F63-4812-A094-87D007C23012} (Trojan.BHO) -> Quarantined and deleted successfully.
55:HKEY_CLASSES_ROOT\VideoEgg.ActiveXLoader (Adware.VideoEgg) -> Quarantined and deleted successfully.
56:HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Publisher,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
57:HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/Updater,version=0.2.0 (Adware.VideoEgg) -> Quarantined and deleted successfully.
58:
59:Registry Values Infected:
60:(No malicious items detected)
61:
62:Registry Data Items Infected:
63:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Program Files\PCenter\pc.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
64:
65:Folders Infected:
66:c:\documents and settings\Fred\application data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
67:c:\documents and settings\Fred\application data\VideoEgg\publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
68:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152 (Adware.VideoEgg) -> Quarantined and deleted successfully.
69:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
70:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
71:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
72:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
73:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
74:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
75:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
76:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
77:c:\documents and settings\Fred\application data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
78:c:\documents and settings\Fred\application data\VideoEgg\Updater\2663 (Adware.VideoEgg) -> Quarantined and deleted successfully.
79:c:\documents and settings\all users\application data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
80:c:\documents and settings\Freda\application data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
81:c:\documents and settings\Freda\application data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
82:c:\documents and settings\Freda\application data\VideoEgg\Data\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
83:c:\documents and settings\Freda\application data\VideoEgg\Data\resources\gid329 (Adware.VideoEgg) -> Quarantined and deleted successfully.
84:c:\documents and settings\Freda\application data\VideoEgg\Data\resources\gid329\cid1124 (Adware.VideoEgg) -> Quarantined and deleted successfully.
85:c:\documents and settings\Freda\application data\VideoEgg\Data\resources\gid329\cid1124\bebo03 (Adware.VideoEgg) -> Quarantined and deleted successfully.
86:c:\documents and settings\Freda\application data\VideoEgg\Data\resources\gid329\cid1124\bebo03\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
87:c:\documents and settings\Freda\application data\VideoEgg\publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
88:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461 (Adware.VideoEgg) -> Quarantined and deleted successfully.
89:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
90:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
91:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
92:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
93:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
94:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
95:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
96:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
97:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
98:c:\documents and settings\Freda\application data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
99:c:\documents and settings\Freda\application data\VideoEgg\Updater\2663 (Adware.VideoEgg) -> Quarantined and deleted successfully.
100:c:\documents and settings\Freda\application data\VideoEgg\Updater\4458 (Adware.VideoEgg) -> Quarantined and deleted successfully.
101:
102:Files Infected:
103:c:\program files\VideoEgg\Loader\2663\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
104:c:\documents and settings\Fred\local settings\Temp\dealiokit1-stub-0.exe (PUP.Dealio) -> Not selected for removal.
105:c:\documents and settings\Andrew\local settings\Temp\dealiokit1-stub-0.exe (PUP.Dealio) -> Not selected for removal.
106:c:\documents and settings\David\local settings\Temp\dealiokit1-stub-0.exe (PUP.Dealio) -> Not selected for removal.
107:c:\documents and settings\Fred\application data\VideoEgg\publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
108:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
109:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
110:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\dbghelp.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
111:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\flvencoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
112:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
113:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\levelmeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
114:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
116:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
117:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
118:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\videoegg_flvwriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
119:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
148:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
192:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
193:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
218:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
219:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
220:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
273:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
371:c:\documents and settings\Fred\application data\VideoEgg\publisher\4152\resources\VideoEgg\messages\messages.en-us.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
372:c:\documents and settings\Fred\application data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
373:c:\documents and settings\Fred\application data\VideoEgg\Updater\2663\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
374:c:\documents and settings\Fred\application data\VideoEgg\Updater\2663\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
375:c:\documents and settings\all users\application data\VideoEgg\user.dat (Adware.VideoEgg) -> Quarantined and deleted successfully.
376:c:\documents and settings\Freda\application data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
405:c:\documents and settings\Freda\application data\VideoEgg\Data\resources\gid329\cid1124\bebo03\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
449:c:\documents and settings\Freda\application data\VideoEgg\Data\resources\gid329\cid1124\bebo03\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
450:c:\documents and settings\Freda\application data\VideoEgg\Data\resources\gid329\cid1124\bebo03\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
475:c:\documents and settings\Freda\application data\VideoEgg\Data\resources\gid329\cid1124\bebo03\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
476:c:\documents and settings\Freda\application data\VideoEgg\Data\resources\gid329\cid1124\bebo03\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
477:c:\documents and settings\Freda\application data\VideoEgg\Data\resources\gid329\cid1124\bebo03\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
497:c:\documents and settings\Freda\application data\VideoEgg\publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
498:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
499:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
500:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\datacollection.tmp (Adware.VideoEgg) -> Quarantined and deleted successfully.
501:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\flvencoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
502:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
503:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\levelmeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
504:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
506:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
507:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
508:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\videoegg_flvwriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
509:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
543:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.


Logged

geep

  • Reg Member
  • ***
  • Posts: 452
    • My ST546 Statistics
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #6 on: December 31, 2010, 08:47:38 PM »

Part2 :
641:c:\documents and settings\Freda\application data\VideoEgg\publisher\3461\resources\VideoEgg\messages\messages.en-us.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
642:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
643:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
644:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\flvencoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
645:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
646:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\levelmeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
647:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
649:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
650:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\videoegg_flvwriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
651:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
685:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
783:c:\documents and settings\Freda\application data\VideoEgg\publisher\4520\resources\VideoEgg\messages\messages.en-us.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
784:c:\documents and settings\Freda\application data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
785:c:\documents and settings\Freda\application data\VideoEgg\Updater\videoeggbroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
786:c:\documents and settings\Freda\application data\VideoEgg\Updater\2663\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
787:c:\documents and settings\Freda\application data\VideoEgg\Updater\2663\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
788:c:\documents and settings\Freda\application data\VideoEgg\Updater\4458\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
789:c:\documents and settings\Freda\application data\VideoEgg\Updater\4458\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
Logged

tuftedduck

  • Senior Kitizen
  • ******
  • Posts: 29658
  • Router Luvvin Duck
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #7 on: January 01, 2011, 07:35:46 AM »

There we are.........the machine was initially infected by the trojan pc.exe which has infiltrated the Winlogon process and subsequently caused a lot of related processes to be corrupted.

That infestation has also lodged the trojan.BHO (browser help object ) which is what gave you the problem with your browsers.

The same has also polluted the entire system with the spyware Adware.VideoEgg.

All is clean now, but it may well be worth flushing out all the old system restore points in case any remnants of the infection remain. To do that, switch off system restore..reboot...switch back on.

Trojan pc.exe emanates from Russia......have the users been visiting dodgy sites ? Sorry, none of my business, but just look at the extent of infiltration by one piece of malware..........27 Registry entries, 35 system folders and 687 system files.....that's a lot !
Logged
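
Added example, not part of any post in this thread: a small Python triage of a Malwarebytes 1.x text log like the one posted above. It tallies detections per family, lists items the scan left in place, and pulls out registry data that was rewritten (the Winlogon Shell entry). The sample lines are an excerpt of that log; the function names and parsing patterns are assumptions based only on the line format visible in it.

```python
import re
from collections import Counter

# Excerpt of the log posted above, with the "N:" prefixes left by grep -n.
SAMPLE_LOG = r"""
30:Registry Keys Infected:
32:HKEY_CLASSES_ROOT\VideoEgg.ActiveXLoader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
54:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D032570A-5F63-4812-A094-87D007C23012} (Trojan.BHO) -> Quarantined and deleted successfully.
59:Registry Values Infected:
60:(No malicious items detected)
62:Registry Data Items Infected:
63:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Program Files\PCenter\pc.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
65:Folders Infected:
66:c:\documents and settings\Fred\application data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
102:Files Infected:
103:c:\program files\VideoEgg\Loader\2663\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
104:c:\documents and settings\Fred\local settings\Temp\dealiokit1-stub-0.exe (PUP.Dealio) -> Not selected for removal.
"""

# Patterns assumed from the visible format: "<item> (<Family>) -> <action>."
# The optional "\d+:" absorbs a grep -n line-number prefix.
SECTION = re.compile(r"^(?:\d+:)?(.+ Infected):\s*$")
DETECTION = re.compile(
    r"^(?:\d+:)?(?P<item>.+?) \((?P<family>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$")
BADGOOD = re.compile(r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\)")


def parse_log(text):
    """Return one record per detection line, tagged with its log section."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = DETECTION.match(line)
        if not m:
            continue  # header, blank line or "(No malicious items detected)"
        # The action is the text after the last " -> "; anything before it
        # is detail such as the Bad/Good values of a rewritten setting.
        detail, _, action = m.group("rest").rpartition(" -> ")
        rec = {"section": section, "item": m.group("item"),
               "family": m.group("family"), "action": action.rstrip(".")}
        bg = BADGOOD.search(detail)
        if bg:
            rec["bad"], rec["good"] = bg.group("bad"), bg.group("good")
        records.append(rec)
    return records


def by_family(records):
    """Detections per family, so bulk adware does not hide the rarer hits."""
    return Counter(r["family"] for r in records)


def left_behind(records):
    """Items the scan reported but did not quarantine."""
    return [r for r in records if not r["action"].startswith("Quarantined")]


def hijacked_settings(records):
    """Registry data that was replaced, with the bad and restored values."""
    return [r for r in records if "bad" in r]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for family, count in by_family(recs).most_common():
        print(f"{count:4d}  {family}")
    for r in left_behind(recs):
        print("NOT REMOVED:", r["item"], f"({r['family']})")
    for r in hijacked_settings(recs):
        print("REWRITTEN:", r["item"], "was", r["bad"], "restored to", r["good"])
```

Run against the full log file, the per-family count and the "not removed" list give a quick view of what still needs a follow-up scan.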

geep

  • Reg Member
  • ***
  • Posts: 452
    • My ST546 Statistics
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #8 on: January 01, 2011, 12:20:21 PM »

The PC is used by the whole family, which includes 2 teenage sons who emphatically deny everything and anything!
Happy  New Year,
Peter

Logged

tuftedduck

  • Senior Kitizen
  • ******
  • Posts: 29658
  • Router Luvvin Duck
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #9 on: January 01, 2011, 12:44:43 PM »

>>which includes 2 teenage sons who emphatically deny everything and anything<<

Ah, nuff said.  :D

Happy New Year to you, geep.  :)
Logged

geep

  • Reg Member
  • ***
  • Posts: 452
    • My ST546 Statistics
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #10 on: January 21, 2011, 11:52:30 AM »

Yesterday my sister got a call from her bank querying some strange credit card usage - a card she only ever uses online. Fortunately the bank blocked the transactions, and the card is now cancelled. Whether it's due to the infection on the PC I guess we'll never know.

Makes me glad I use Linux 95% of the time - I think it's a bit more secure than another well-known operating system.

The PC was so upset it deceased - the PSU burnt out with a great smell a few days ago.
My son built the PC and thought he'd used quality components - including an Antec PSU.
In fact he built 2 similar PCs at the same time. Both the Antec PSUs packed up within the warranty period.
And now one of the replacement Antec PSUs has blown up after 3 years. Last time it took the motherboard with it.
Now I'm worried about the PC I built for my brother last September - it has an Antec PSU too.

Cheers,
Peter
Logged

Format-Z

  • Just arrived
  • *
  • Posts: 1
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #11 on: January 13, 2014, 10:51:51 AM »

Logged

hake

  • Reg Member
  • ***
  • Posts: 296
  • Owzat! On ya way, back to the pavilion!
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #12 on: January 13, 2014, 09:59:17 PM »

Spyware Blaster ( http://www.brightfort.com/ ) has the means of changing the IE start page in Tools->IE Browser Pages.
Logged
Windows XP

hake

  • Reg Member
  • ***
  • Posts: 296
  • Owzat! On ya way, back to the pavilion!
Re: search.conduit.com - taken over the browsers and AVG - Help!
« Reply #13 on: January 27, 2014, 07:26:58 PM »

I have also found that Spybot - Search & Destroy is effective at exorcising Conduit.
Logged
Windows XP