Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help with malware removal


  • Please log in to reply
9 replies to this topic

#1 halea8

halea8

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 28 March 2009 - 06:24 AM

Hello,
I was googling for information and found this forum. I visited a friend's website yesterday and immediately my antivirus (Trend-Micron PC-Cillin) detected 4 infected files, and before I could do anything my computer screen went all blue with 'hard run error' message or something like that. I rebooted and got back into Windows. My antivirus quarantined the before-mentioned infected files but couldn't delete one or two of them. I opened Internet Explorer to search for information on how to deal with it and ads would suddenly start popping up. I realized I must have downloaded some kind of spam malware.

I found a post from this forum via goole search that contained some information and so I followed those instructions. It didn't occur to me at the time to ask for advice specific to my problem, thinking the information in that post should be helpful.

Based on the information, I downloaded and scanned my computer with the following tools:
Malware Bytes Anti-Malware (full scan)
SDFix
ATFCleaner
SuperAntiSpyware
and then the MBAM again (quick scan)

There were 333 infected files found and deleted during the first MBAM scan, and 10 infected files after the second. During the SuperAntiSpyware scan, it detected 117 file threats and placed them in quarantine. There was one particular group of files I'm concerned about, the OREANS32 files, including the C:\Windows\System32\Drivers\oreans32.sys, which from what I understand is a legit file. Should I remove this from the quarantine and restore it?

Anyway, I have the logs available to look at for those interested.

After all these scans, everything seems to have gone better. The spam ads were no longer popping up when I browse the web. However, I've enabled the MBAM protective module and every two minutes or so a warning would still pop up with something ike this:
-------------
Malwarebytes' Anti-Malware has detected a malicious process attempting to start and has blocked all execution attempts from the process. Select an option below.

C:\Documents and Settings\user\Local Settings\Temp\BNxx.tmp
[Trojan.Agent]
-------------

The xx would be some number, such as BN17.tmp, BN18.tmp, etc. I would just choose 'terminate' after each time, but I realize there must still be something in my computer generating those files.

A friend of mine suggested using avast antivirus and I did so. It detected a trojan virus along with two adwares. But even after removing these, the MBAM continues to detect the above trojan.agent files. I would greatly appreciate any help on this matter.

BC AdBot (Login to Remove)

 


#2 halea8

halea8
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 28 March 2009 - 06:31 AM

I forgot to add that I'm using a Windows XP Professional.

#3 snowdrop

snowdrop

  • Members
  • 513 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 28 March 2009 - 07:38 AM

A couple of ideas to get you started


Did you disable the Trend Micro antivirus before you ??installed the Avast ?

Do you currently have only ONE installed antivirus program?



I found a post from this forum via goole search that contained some information and so I followed those instructions. It didn't occur to me at the time to ask for advice specific to my problem, thinking the information in that post should be helpful.

Based on the information, I downloaded and scanned my computer with the following tools:
Malware Bytes Anti-Malware (full scan)
SDFix
ATFCleaner
SuperAntiSpyware
and then the MBAM again (quick scan)




It is never really adviseable to folllow instructions given to another person as their problem, although appearing similar to yours, will be unique to/for them :thumbsup:

Could you kindly post the link to the instructions you decided to follow on here so helpers will know what you were doing ?

Could you also kindly post the reports you should have from the Malwarebytes and superantispyware programs for someone to check out for you ?

#4 halea8

halea8
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 28 March 2009 - 08:59 AM

Thank you for your quick response. No, I didn't disable the Trend Micro antivirus when I installed the Avast. In fact, they're still both running right now. (Sorry, I'm new to this.) When you say 'disable,' do you mean uninstall or just stop the program? Do you recommend starting over and install avast again after disabling Trend Micro?

Here's the original posted instructions for somebody else I followed from:
http://www.bleepingcomputer.com/forums/lof...5B/t167051.html

Here's the first MBAM log after the first scan:

Malwarebytes' Anti-Malware 1.35
Database version: 1905
Windows 5.1.2600 Service Pack 3

3/27/2009 2:23:57 AM
mbam-log-2009-03-27 (02-23-57).txt

Scan type: Quick Scan
Objects scanned: 107044
Time elapsed: 10 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 64
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 21
Files Infected: 333

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{168dc258-1455-4e61-8590-9dac2f27b675} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1a8642f1-dc80-4edc-a39d-0fb62a58b455} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3f91eb90-ef62-44ee-a685-fac29af111cd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c29c7e4-5321-4cad-be2e-877666bed5df} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83dfb6ee-ab18-41b5-86d4-b544a141d67e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{88d6cf0e-cf70-4c24-bf6e-e4e414bc649c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8f6a82a2-d7b1-443e-bb9f-f7dc887dd618} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9856e2d8-ffb2-4fe5-8cad-d5ad6a35a804} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a3d06987-c35e-49e4-8fe2-ac67b9fbfb4c} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a58c497b-3ee2-45e7-9594-daca6be2a0d0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad0a3058-fd49-4f98-a514-fd055201835e} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ad5915ea-b61a-4dba-b5c8-ef4b2df0a3c7} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{af2e62b6-f9e1-4d4f-a10a-9dc8e6dcbcc0} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bb187c0d-6f53-4f3e-9590-98fd3a7364a2} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c5041fd9-4819-4dc4-b20e-c950b5b03d2a} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d17726cc-d4dd-4c4a-9671-471d56e413b5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{db8cce99-59c6-4552-8bfc-058feb38d6ce} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{dc3a04ee-cdd7-4407-915c-a5502f97eecd} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1a63484-a022-4d42-830a-fbd411514440} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e282c728-189d-419e-8ee2-1601f4b39ba5} (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\videoegg.activexloader.1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1e5b2693-d348-4ca7-8364-4f5e51bf9c6d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\acpi32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoegg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00a3692 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bcbcd383-3e06-11d3-91a9-00c04f68105c} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MozillaPlugins\@videoegg.com/publisher,version=1.5 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digiwet.dll -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\user\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Loader (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Loader\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Updater (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Updater\4665 (Adware.VideoEgg) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\user\Application Data\VideoEgg\Loader\4665\npvideoegg-loader.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\acpi32.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv431238073922.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\DataLOCKED (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Uninstall.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\report.log (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\skin.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\skin.zip (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\videoegg-large.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\videoegg-small.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\videoegg.ico (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Data\Resources\gid326\cid1094\AOL1\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Loader\loader.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\publisher.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\avcodec.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\crashRpt.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\FLVEncoder.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\lame_enc.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\LevelMeter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\libpng.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\npvideoegg-publisher.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\VideoEgg_FLVWriter.ax (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\zlib.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\aol_watermark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_combo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\audio_source.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_gray_logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\big_logo_cropped.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\blank_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\button_browse_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorders_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\camcorder_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_left_curve.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_bottom_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\corners_top_right.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\done_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_bottom_left.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_horiz.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropshadow_vertical.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dropzone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\dv_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_instructions.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\email_sent_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser.CUR (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\eraser_cursor.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\file_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\help.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorders.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_camcorder_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_ff.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_file_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_phone_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_stop.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcams.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_dark.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\icon_webcam_light.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\loading_movie.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\locating.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_bottom.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_middle.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\logo_top.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\mobile_slide_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\movie_placeholder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\ok_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fast_forward_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_pause.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_play.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\player_rewind_to_start.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\playhead.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\powered_by.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\progress.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\refresh_list_up.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\restart_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_over_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\start_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_disabled.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_capture_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\stop_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tab_slide_deselected.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\tape_control.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_camcorder_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_file_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_phone_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\text_webcam_highlight.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_fill.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_medium.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\uploading_thumbnail.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_down.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_from.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\upload_over.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_gray.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_green.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_high.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_low.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_orange.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_red.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\volume_slider.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\waiting_for_email.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcams_title.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_btn_highlighted.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\images\webcam_slide.png (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Publisher\4520\resources\VideoEgg\messages\messages.en-US.bundle (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Updater\updater.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Updater\updater.ver (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Updater\VideoEggBroker.exe (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Updater\VideoEggBroker.exe.old (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Updater\4665\libcurlve.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Application Data\VideoEgg\Updater\4665\updater.dll (Adware.VideoEgg) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMUSIC32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\wpv661238066565.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crypts.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\AUHOOK.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN1A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN1D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN22.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN23.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN2B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN2E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN32.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN33.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN34.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN35.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN36.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN39.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN3A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN3C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN3E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN43.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN44.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN45.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN46.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN47.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN48.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN54.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN55.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN58.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN5F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\digiwet.dll (Trojan.Agent) -> Quarantined and deleted successfully.

----------------------------------

Here's the SuperAntiSpyware log report, the scan was run after the first MBAM scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/27/2009 at 04:21 PM

Application Version : 4.26.1000

Core Rules Database Version : 3819
Trace Rules Database Version: 1773

Scan type : Complete Scan
Total Scan Time : 01:41:18

Memory items scanned : 235
Memory threats detected : 0
Registry items scanned : 8923
Registry threats detected : 61
File items scanned : 185490
File threats detected : 117

Trojan.TopInstalls/Guard
HKLM\Software\Classes\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}
HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}
HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}
HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\InprocServer32
HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\InprocServer32#ThreadingModel
HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\ProgID
HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\Programmable
HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\TypeLib
HKCR\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}\VersionIndependentProgID
HKCR\Protector.IE.1
HKCR\Protector.IE.1\CLSID
HKCR\Protector.IE
HKCR\Protector.IE\CLSID
HKCR\Protector.IE\CurVer
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\0
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\0\win32
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\FLAGS
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\HELPDIR
C:\PROGRAM FILES\IE PROTECTOR\IEPROTECTOR.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B77D30A-81C9-497A-8647-142F7511B1FB}
HKU\S-1-5-21-3292133616-166437076-2906268478-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B77D30A-81C9-497A-8647-142F7511B1FB}
HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}
HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\ProxyStubClsid
HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\ProxyStubClsid32
HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\TypeLib
HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\TypeLib#Version
HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}
HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\ProxyStubClsid
HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\ProxyStubClsid32
HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\TypeLib
HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\TypeLib#Version

Unclassified.Oreans32
HKLM\System\ControlSet001\Services\oreans32
C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32
HKLM\System\ControlSet002\Services\oreans32
HKLM\System\ControlSet002\Enum\Root\LEGACY_oreans32
HKLM\System\CurrentControlSet\Services\oreans32
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance

Adware.Zango Toolbar/Hb
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\1.sdf
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\ustat\34fc.dat
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic\ustat
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\dynamic
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\buttondir.txt
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\components.cdf
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\default.cdf
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_511745-514279.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_categorize.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_comparison.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_favorites.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Games.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Hide.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemster.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemsterie.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_jobsearch.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_Mails.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_MobileSW-US.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_new.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_premium.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_reun.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_ringtones.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_weather.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\email-t1-bg.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\icons2.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\keywords1.dat
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\layout.cdf
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\linkpathlegal.txt
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\progress.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\sales_buttons.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\s_icons_buttons.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\t2_bg.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\theweb.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\top7.cdf
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\tsd_bg.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1\zango.res
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\BtnTrans.idx
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\default.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\icons2.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords.idx
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\layout.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\progress.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\top7.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\zango.xip
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0\ZangoToolbar
C:\Documents and Settings\user\Application Data\ZangoToolbar\v3.0
C:\Documents and Settings\user\Application Data\ZangoToolbar\zbar.log
C:\Documents and Settings\user\Application Data\ZangoToolbar

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\USER\FAVORITES\AFFLIATE PROGRAMS\CONSCIOUSONE\CONSCIOUSONE.COM LOGIN.URL
C:\DOCUMENTS AND SETTINGS\USER\FAVORITES\AFFLIATE PROGRAMS\JAMES RAY\AFFILIATE LOGIN.URL
C:\DOCUMENTS AND SETTINGS\USER\FAVORITES\AFFLIATE PROGRAMS\ORGANIZE EVERYTHING\LOG IN.URL

Adware.Tracking Cookie
.2o7.net [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.2o7.net [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.2o7.net [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.2o7.net [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.atwola.com [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.casalemedia.com [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]
.qksrv.net [ C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Profiles\default\mt3y8fce.slt\cookies.txt ]

Malware.Installer-Pkg/Gen
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{989E4C3B-B2C9-4486-9A09-D5A8F953837C}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\PROGRAM FILES\WILDTANGENT\APPS\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{D1A6F3FD-7B40-443F-8767-BADB25A0D222}.EXE

-------------------


And here's the last MBAM log, after the SuperAntiSpyware scan:

Malwarebytes' Anti-Malware 1.35
Database version: 1905
Windows 5.1.2600 Service Pack 3

3/27/2009 5:21:38 PM
mbam-log-2009-03-27 (17-21-38).txt

Scan type: Quick Scan
Objects scanned: 96831
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\fips32cup.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\i386si.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

-------------------

By the way, in addition to the MBAM warnings I mentioned in the first post that still pop up now and then, I now start getting an Avast warning as well, which goes like this:

avast! Warning

A Trojan Horse Was Found!


file name: C:\WINDOWS\system32\drivers\securentm.sys\[Embedded_Ix#19b0]

Malware name: Win32:Cutwail [Trj]

Malware type: Trojan Horse

VPS version: 090327-0, 03/27/2009

Recommended action: Move to chest

----------------

I follow the recommended action and move it to the virus chest. This happens every few minutes or so, with the same malware name but different files in the drivers folder. I greatly appreciate all the kind assistance.

#5 snowdrop

snowdrop

  • Members
  • 513 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 28 March 2009 - 09:28 AM

From what you have said you currently have TWO installed antivirus programs?

This is not recommended and you are advised to uninstall ONE of them ,reboot , fully update the one remaining program; also fully update both the Malwarebytes and Superantispyware programs, reboot and run full system scans with the antivirus and Malware and Superantispyware programs.

If Malwarebytes locates infections it will request a computer reboot to complete the cleaning ; please allow this ; it will scan the computer again; Please post the reports from the Malwarebytes and Superantispyware programs and also let us know what the new scan with the remaining Antivirus program detected :thumbsup:

#6 halea8

halea8
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 28 March 2009 - 07:06 PM

Thanks. I will follow your suggestions and get back to you.

#7 halea8

halea8
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 29 March 2009 - 04:45 AM

Okay, I uninstalled Avast and kept Trend Micro, rebooted and updated Trend Micro, Malwarebytes and Superantispyware. Then rebooted and did full scan with all 3. Here are the results.

First, full scan with Trend Micro: Nothing detected.

Second, full scan with Malwarebytes. Here's the log report...

Malwarebytes' Anti-Malware 1.35
Database version: 1912
Windows 5.1.2600 Service Pack 3

3/28/2009 5:31:15 PM
mbam-log-2009-03-28 (17-31-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 297522
Time elapsed: 1 hour(s), 15 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 46

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\user\Local Settings\Temp\BN10.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN11.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN12.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN17.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN18.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN1A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN1D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN20.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN21.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN3E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN41.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN42.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN43.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN44.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN45.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN46.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN47.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN48.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN49.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN4A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN4D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN50.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN51.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN52.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN53.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN56.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN57.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN58.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN59.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN5A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN5B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN5C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN5D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN5E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN61.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN62.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN63.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN64.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BNCF.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

---------------

After the Malwarebytes scan, I rebooted to complete removal of infected files.
I then rebooted once more in Safe Mode to run Superantispyware.

Third, full scan with Superantispyware...


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/28/2009 at 07:26 PM

Application Version : 4.26.1000

Core Rules Database Version : 3819
Trace Rules Database Version: 1773

Scan type : Complete Scan
Total Scan Time : 01:45:17

Memory items scanned : 223
Memory threats detected : 0
Registry items scanned : 8927
Registry threats detected : 0
File items scanned : 187049
File threats detected : 15

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@statcounter[1].txt
C:\Documents and Settings\user\Cookies\user@server.iad.liveperson[2].txt
C:\Documents and Settings\user\Cookies\user@server.iad.liveperson[1].txt
C:\Documents and Settings\user\Cookies\user@rambler[1].txt
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt
C:\Documents and Settings\user\Cookies\user@revsci[1].txt
C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt
C:\Documents and Settings\user\Cookies\user@kontera[2].txt
C:\Documents and Settings\user\Cookies\user@casalemedia[2].txt
C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
C:\Documents and Settings\user\Cookies\user@tacoda[1].txt
C:\Documents and Settings\user\Cookies\user@at.atwola[2].txt
C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt
C:\Documents and Settings\user\Cookies\user@statse.webtrendslive[2].txt
C:\Documents and Settings\user\Cookies\user@advertising[2].txt

---------------


After all these scans, the problem hasn't gone away. I still keep getting the warnings from Malwarebytes' protective module such as this:
-------------
Malwarebytes' Anti-Malware has detected a malicious process attempting to start and has blocked all execution attempts from the process. Select an option below.

C:\Documents and Settings\user\Local Settings\Temp\BNxx.tmp
[Trojan.Agent]
-------------

The xx being some number, such as BN17.tmp, BN18.tmp, etc. I would 'terminate' after each time, but it keeps coming back. There must be something else that's not being detected that's generating these files. What are the next steps I should take? Thanks again for all the help.

#8 snowdrop

snowdrop

  • Members
  • 513 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 29 March 2009 - 03:40 PM

May I suggest you clear out your Temporary Interent files using ATF cleaner



Please download ATF Cleaner by Atribune & save it to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.

  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Then I suggest you fully update both Malwarebytes and Superantispyware; Reboot the computer and run a full scan with both programs and let us see the reports from those scans for checking :thumbsup:

#9 halea8

halea8
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:41 AM

Posted 31 March 2009 - 04:31 AM

Okay, I ran the ATF cleaner, updated and ran the Malwarebytes and Superantispyware full scan. This all happened yesterday, and here are the results...

Malwarebytes' Anti-Malware 1.35
Database version: 1916
Windows 5.1.2600 Service Pack 3

3/29/2009 4:00:42 PM
mbam-log-2009-03-29 (16-00-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 284357
Time elapsed: 1 hour(s), 23 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\user\Local Settings\Temp\BN2A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN2B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN31.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

-----------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/29/2009 at 06:11 PM

Application Version : 4.26.1000

Core Rules Database Version : 3819
Trace Rules Database Version: 1773

Scan type : Complete Scan
Total Scan Time : 02:05:12

Memory items scanned : 649
Memory threats detected : 0
Registry items scanned : 8912
Registry threats detected : 0
File items scanned : 185950
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@www.googleadservices[1].txt
C:\Documents and Settings\user\Cookies\user@www.googleadservices[2].txt

----------------------

The problem still persists, with Malwarebytes catching BNxx.tmp Trojan.Agent files. Today, 3/30, I ran the Malwarebytes again, and here's the log report:

Malwarebytes' Anti-Malware 1.35
Database version: 1922
Windows 5.1.2600 Service Pack 3

3/30/2009 6:00:25 PM
mbam-log-2009-03-30 (18-00-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 285728
Time elapsed: 1 hour(s), 19 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\netsik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN13.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN14.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN16.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN19.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN1B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temp\BN1C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

----------------------

Today we also got a call from RoadRunner (our internet cable provider) telling us that they've received complaints of spam emails being generated from our computer. Not sure what to do. Any help is appreciated. All these antivirus/malware removel software seem to be missing whatever this is.

#10 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:09:41 AM

Posted 31 March 2009 - 08:29 PM

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users